May 30, 2022
Severity
High
Analysis Summary
Xloader is the successor to Formbook, a well-known Windows-based information stealer that harvests credentials from web browsers and other web-based applications, captures screenshots, logs keystrokes, and downloads and executes files from attacker-controlled domains. Xloader is distributed through spoofed emails carrying malicious Microsoft Office document attachments. Between December 1, 2020 and June 1, 2021, infections were reported in about 69 countries, with 53% of them in the U.S. alone, followed by China's Special Administrative Regions (SAR), Mexico, Germany, and France. In this campaign it has been observed targeting the oil and gas industry.
Impact
- Credential Theft
- Infostealer
- Keylogging
Indicators of Compromise
MD5
61fd6e9f1ec1cbca11b6ea6aa72e8474
0595acb95baf12defea266d3c1cba6fc
SHA-256
74109522b38c609b4c576eecde644ffe544fcdc9a6494a9683f8eea6fb9e0bc7
36355464c361c0e2caa14c517de97291a9bc6707acda3bbd34a30aa45e55c5b2
SHA-1
fd1f3f9dddb8af3d956c42ba7a6a1e2f0a540cb5
d6a568cc60f2510d2b828db4333171b36b6bab01
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
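As an added example (not part of the alert or of any vendor tooling), the following Python script carries out the second remediation step: it walks a directory tree, hashes each regular file once while computing MD5, SHA-1 and SHA-256 together, and reports any file whose digest matches one of the indicators listed above. The indicator sets are copied verbatim from this alert; the directory to scan and the file names in the usage are assumptions.

```python
"""Hash-based IOC sweep for the Xloader indicators in this alert.

Every regular file under a root directory is read once; all three digests
are updated from the same chunks so the disk is not read three times.
"""
import hashlib
import os
import sys
from pathlib import Path

# Indicators copied from the alert above (lower-case hex).
XLOADER_IOCS = {
    "md5": {
        "61fd6e9f1ec1cbca11b6ea6aa72e8474",
        "0595acb95baf12defea266d3c1cba6fc",
    },
    "sha1": {
        "fd1f3f9dddb8af3d956c42ba7a6a1e2f0a540cb5",
        "d6a568cc60f2510d2b828db4333171b36b6bab01",
    },
    "sha256": {
        "74109522b38c609b4c576eecde644ffe544fcdc9a6494a9683f8eea6fb9e0bc7",
        "36355464c361c0e2caa14c517de97291a9bc6707acda3bbd34a30aa45e55c5b2",
    },
}

ALGOS = ("md5", "sha1", "sha256")
CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat on large files


def hash_file(path):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for one file, read once."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(digests, iocs=XLOADER_IOCS):
    """Return [(algorithm, digest), ...] for every digest that hits an indicator.

    Indicator strings are lower-cased so mixed-case feeds still match.
    """
    hits = []
    for algo in ALGOS:
        wanted = {h.lower() for h in iocs.get(algo, ())}
        value = digests.get(algo, "").lower()
        if value in wanted:
            hits.append((algo, value))
    return hits


def scan_tree(root, iocs=XLOADER_IOCS):
    """Walk `root` and return {path: [(algo, digest), ...]} for matching files.

    Symlinks are skipped so a crafted link cannot pull the sweep outside
    `root`; unreadable files are skipped rather than aborting the run.
    """
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits[str(path)] = matched
    return hits


if __name__ == "__main__":
    # Usage (assumed): python xloader_sweep.py C:\Users  (or any directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched in scan_tree(target).items():
        for algo, digest in matched:
            print(f"MATCH {path} {algo}={digest}")
```

Hash indicators only identify byte-identical samples; a repacked or rebuilt Xloader dropper will have different digests, so a clean sweep is not proof of absence. Treat this as a first pass and pair it with the behavioural checks the Impact section implies (credential access from browser stores, keystroke capture, unexpected child processes spawned from Office documents).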