Severity
High
Analysis Summary
Xloader is the successor to Formbook, a well-known Windows-based information stealer that steals credentials from web browsers and other web-based applications, captures screenshots, logs keystrokes, and executes files fetched from attacker-controlled domains. Xloader is distributed via spoofed emails carrying malicious Microsoft document attachments and has infected systems in about 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China's special administrative regions (SAR), Mexico, Germany, and France.
Impact
- Credential Theft
- Infostealer
- Keylogging
Indicators of Compromise
MD5
- 0c9056f4d1c364a1b86c2cbd4d2f9010
SHA-256
- dd3ab4cca36bd08f8d95b6d2f6fe654c555febebdc5ca5558ef577448ebf7567
SHA-1
- 1f7436322f2a5602bef4a97779aa4e66e6d82405
URL
- http[:]//107[.]172[.]73[.]195/0078/vbc[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
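To act on the remediation steps above, the following added example (not Rewterz's code) refangs the advisory's defanged URL, hashes every file under a directory against the three digests listed, and flags proxy log lines that reference the URL or its host; the log format and the sample lines are constructed for the demonstration.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied from the advisory above (the page's values, not constructed).
IOC_HASHES = {
    "md5": "0c9056f4d1c364a1b86c2cbd4d2f9010",
    "sha1": "1f7436322f2a5602bef4a97779aa4e66e6d82405",
    "sha256": "dd3ab4cca36bd08f8d95b6d2f6fe654c555febebdc5ca5558ef577448ebf7567",
}
DEFANGED_URL = "http[:]//107[.]172[.]73[.]195/0078/vbc[.]exe"
# Constructed proxy log lines in a hypothetical format, for a dry run of the matcher.
SAMPLE_LOG = [
    "2021-10-29T10:02:11Z 10.0.0.12 GET http://107.172.73.195/0078/vbc.exe 200 412096",
    "2021-10-29T10:02:15Z 10.0.0.12 GET https://www.example.com/index.html 200 1811",
    "2021-10-29T10:03:40Z 10.0.0.31 CONNECT 107.172.73.195:80 200 0",
]


def refang(indicator: str) -> str:
    """Restore a defanged indicator ('hxxp', '[.]', '[:]') to its live form for matching."""
    live = indicator.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", live, flags=re.IGNORECASE)


def file_hashes(path) -> dict:
    """MD5, SHA-1 and SHA-256 of one file (read whole; chunk it for very large files)."""
    data = Path(path).read_bytes()
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def scan_directory(root) -> list:
    """(path, algorithm) pairs for every regular file under root whose digest matches an IOC."""
    hits = []
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        try:
            digests = file_hashes(p)
        except OSError:  # unreadable file: skip it rather than abort the sweep
            continue
        for algo, value in digests.items():
            if value == IOC_HASHES[algo]:
                hits.append((str(p), algo))
    return hits


def scan_proxy_log(lines, url: str = DEFANGED_URL) -> list:
    """Log lines that reference the refanged URL, or just its host (e.g. a bare CONNECT)."""
    live = refang(url)
    host = live.split("/")[2].split(":")[0]
    return [ln for ln in lines if live in ln or host in ln]
```

A hash hit is high confidence, while a host-only hit should be reviewed against the rest of the session before being escalated.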