Rewterz Threat Alert – XLoader Malware – Active IOCs

Severity

High

Analysis Summary

Xloader Malware is next in line to another well-known Windows-based info stealer called Formbook that’s known to void credentials from web browsers and other web-based applications, gather screenshots, log keystrokes, and execute files from attackers controlled domains. Xloader is distributing via spoofed emails containing malicious file attachments of Microsoft documents and infecting about 69 countries. Between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China’s special administrative regions (SAR), Mexico, Germany, and France.

Impact

• Credential Theft
• Infostealer
• Keylogging

Indicators of Compromise

MD5

• 0c9056f4d1c364a1b86c2cbd4d2f9010

SHA-256

• dd3ab4cca36bd08f8d95b6d2f6fe654c555febebdc5ca5558ef577448ebf7567

SHA-1

• 1f7436322f2a5602bef4a97779aa4e66e6d82405

URL

• http[:]//107[.]172[.]73[.]195/0078/vbc[.]exe

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment