Rewterz Threat Alert – XLoader Malware – Active IOCs

Severity

High

Analysis Summary

Xloader Malware is next in line to another well known Windows-based info stealer called Formbook that’s known to void credentials from web browsers and other web-based applications, gather screenshots, log keystrokes, and execute files from attackers controlled domains. Xloader is distributing via spoofed emails containing malicious file attachments of Microsoft documents and infecting about 69 countries. between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China’s special administrative regions (SAR), Mexico, Germany, and France.

Impact

• Credential Theft
• Infostealer
• Keylogging

Indicators of Compromise

IP

• 72[.]29[.]74[.]90
• 64[.]32[.]8[.]70
• 64[.]190[.]62[.]111
• 63[.]250[.]34[.]223
• 34[.]102[.]136[.]180
• 216[.]239[.]38[.]21
• 204[.]11[.]56[.]48
• 184[.]168[.]131[.]241
• 162[.]0[.]229[.]244
• 128[.]65[.]195[.]232

MD5

• 4ded6a1d590e8a31ae6b9ea0ffb3331d
• a17bf4533d7ec677a0d4bdae19e41ff2

SHA-256

• 81c4276f2e3c0ed456b08402a6a5b63d0cad68220b7a3275b3cbf0ba73faaa21
• 97d6b194da410db82d9974aec984cff8ac0a6ad59ec72b79d4b2a4672b5aa8aa

SHA-1

• b8c0167341d3639eb1ed2636a56c272dc66546fa
• 7edead477048b47d2ac3abdc4baef12579c3c348

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.