Rewterz

Rewterz Threat Alert – IcedID banking Trojan – Active IOCs

March 9, 2022
Rewterz

Rewterz Threat Alert – Remcos RAT – Active IOCs

March 9, 2022

Rewterz Threat Alert – XLoader Malware – Active IOCs

Severity

High

Analysis Summary

Xloader Malware is next in line to another well known Windows-based info stealer called Formbook that’s known to void credentials from web browsers and other web-based applications, gather screenshots, log keystrokes, and execute files from attackers controlled domains. Xloader is distributing via spoofed emails containing malicious file attachments of Microsoft documents and infecting about 69 countries. between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China’s special administrative regions (SAR), Mexico, Germany, and France

Impact

  • Credential Theft
  • Infostealer
  • Keylogging

Indicators of Compromise

MD5

  • e5bb32287e7070903a4bac85fd97d213
  • 90112a3f154b07a82e5ea523e7631f20

SHA-256

  • 467f389d5a13b96d6afcfbcea98d2a7360f02d7dc6f24e493563a0967378ddca
  • e98706b7597c00c854c61d51a05413681020c6096024aee23e924b6eeaee2a5d

SHA-1

  • d05a26bb4baf301b2c27386b52c55b591ea9e628
  • e2d32fef75f06b1301c80e7767177d4597696edb

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.