November 24, 2021
Severity
High
Analysis Summary
Xloader is the successor to Formbook, a well-known Windows-based info stealer that steals credentials from web browsers and other web-based applications, captures screenshots, logs keystrokes, and executes files fetched from attacker-controlled domains. Xloader is distributed via spoofed emails carrying malicious Microsoft Office document attachments and infected victims in about 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China's special administrative regions (SAR), Mexico, Germany, and France.
Impact
- Credential Theft
- Infostealer
- Keylogging
Indicators of Compromise
IP
- 103[.]145[.]254[.]163
MD5
- 6e6ab3816732d6675851ee3896053984
SHA-256
- 1bdc41058e53e885ccf81cf42ddac59733b6608f40719017dde98ac33ed8b8f5
SHA-1
- a51032cc71b6b6972238a281908ca98afd8769fa
URL
- http[:]//www[.]esyscoloradosprings[.]com/fqiq/
- http[:]//103[.]145[.]254[.]163/76190111111_1/vbc[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
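The two remediation steps above (blocking the indicators and searching for them) both start from the same defanged IOC list. The following Python script is an added example, not Rewterz tooling: it refangs the indicators published in this alert, exports them grouped by type for a blocklist, and matches them against a few constructed proxy and EDR log lines. The log lines, the host names and the user names in them are made up for the demonstration.

```python
"""Refang the IOCs from this alert, export a blocklist, and scan log lines.

Added example; the IOC values below are copied from the alert, everything
else (function names, sample log lines) is constructed for illustration.
"""

# IOCs exactly as published in the alert, still defanged with [.] and [:].
ALERT_IOCS = {
    "ip": ["103[.]145[.]254[.]163"],
    "md5": ["6e6ab3816732d6675851ee3896053984"],
    "sha1": ["a51032cc71b6b6972238a281908ca98afd8769fa"],
    "sha256": ["1bdc41058e53e885ccf81cf42ddac59733b6608f40719017dde98ac33ed8b8f5"],
    "url": [
        "http[:]//www[.]esyscoloradosprings[.]com/fqiq/",
        "http[:]//103[.]145[.]254[.]163/76190111111_1/vbc[.]exe",
    ],
}

# Constructed sample log lines (not real telemetry). Line 2 carries both the
# C2 IP and the download URL; line 3 has the SHA-256 in upper case.
SAMPLE_LOGS = [
    "2021-11-24T10:02:11Z proxy GET http://www.esyscoloradosprings.com/fqiq/ 200 user=jdoe",
    "2021-11-24T10:02:13Z proxy GET http://103.145.254.163/76190111111_1/vbc.exe 200 user=jdoe",
    "2021-11-24T10:02:15Z edr file_created C:\\Users\\jdoe\\AppData\\Local\\Temp\\vbc.exe "
    "sha256=1BDC41058E53E885CCF81CF42DDAC59733B6608F40719017DDE98AC33ED8B8F5",
    "2021-11-24T10:05:00Z proxy GET http://www.example.com/index.html 200 user=asmith",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the literal form seen in logs."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def blocklist(iocs=ALERT_IOCS) -> dict:
    """Refanged indicators grouped by type, ready to load into a control."""
    return {kind: [refang(v) for v in values] for kind, values in iocs.items()}


def build_index(iocs=ALERT_IOCS) -> dict:
    """Map each refanged, lower-cased indicator to (type, published form)."""
    index = {}
    for kind, values in iocs.items():
        for value in values:
            index[refang(value).lower()] = (kind, value)
    return index


def scan_lines(lines, iocs=ALERT_IOCS) -> list:
    """Return (line_number, type, published_ioc) for every indicator hit.

    Matching is case-insensitive so upper-case hashes from EDR exports still
    match. A line containing the download URL also matches the bare IP; both
    hits are reported, in the order the IOC types appear in the dictionary.
    """
    index = build_index(iocs)
    hits = []
    for number, line in enumerate(lines, start=1):
        lowered = line.lower()
        for needle, (kind, published) in index.items():
            if needle in lowered:
                hits.append((number, kind, published))
    return hits


if __name__ == "__main__":
    for kind, values in blocklist().items():
        print(f"block {kind}: {', '.join(values)}")
    for number, kind, published in scan_lines(SAMPLE_LOGS):
        print(f"line {number}: {kind} hit on {published}")
```

Reporting the indicator in its published (defanged) form keeps the findings safe to paste into a ticket; the refanged values only leave the script through `blocklist()`, which is what you would feed to a proxy, DNS or EDR control.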