SmokeBuster Tool
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
ThreatLabz has developed SmokeBuster, a tool to detect, analyze, and remove SmokeLoader malware from infected systems. Despite Operation Endgame's disruption in May 2024, SmokeLoader continues to be used by threat groups. SmokeBuster supports various SmokeLoader versions and Windows systems, offering features like uninstallation, thread control, and memory manipulation. The tool revealed bugs in recent SmokeLoader versions that significantly degrade system performance. These flaws stem from persistence implementation, infection checks, and inadequate thread and memory cleanup. The bugs cause repeated injections and thread creation, leading to system slowdown over time. SmokeBuster's capabilities may accelerate SmokeLoader's decline, especially given its performance-degrading flaws.
OPENCTI LABELS:
windows, smokeloader, operation endgame, malware analysis, dofoil, thread manipulation, system performance, memory injection, smokebuster