Smoke Loader Backdoor Gets Anti-Analysis Improvements

Discussion in '0-day Release' started by silversurfer, Aug 13, 2017 at 12:20 AM.

Tags:
  1. silversurfer

    silversurfer Malware Tester Silver Member

    The infamous Smoke Loader backdoor now has more complex anti-analysis techniques that allow it to remain a potent malware delivery mechanism, PhishLabs security researchers warn. Also known as Dofoil, Smoke Loader has been advertised on dark web forums since at least mid-2011. Packing a modular design, the malware can receive secondary execution instructions and/or download additional functional modules. Lately, the loader has been used in the distribution of malware such as the TrickBot banking Trojan and GlobeImposter ransomware.

    The Smoke Loader installer, the security researchers explain, spawns an EnumTools thread to detect and evade analysis tools, and uses an API to enumerate running analysis utilities. The malware checks for twelve analysis processes via a hash-based method, and terminates itself if one is found running. As part of an anti-VM check, it also queries the name and the volume information of the infected machine, along with a registry key.

    Read full article on source: http://www.securityweek.com/smoke-loader-backdoor-gets-anti-analysis-improvements
     
    wwd and RGiskardR like this.
  2. Google Adsense

Share This Page