Rewterz Threat Alert – GandCrab Ransomware – Active IOCs
November 29, 2022Rewterz Threat Update – Russian-Linked RansomBoggs Ransomware Targeted Several Ukrainian Organizations
November 29, 2022Severity
High
Analysis Summary
Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also acquired its payloads from Microsoft OneDrive and an attacker-controlled website.
GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts. GuLoader malware spawns AgentTesla In its latest campaign in October 2022. AgentTesla is renowned for stealing data from a variety of target workstations’ apps, including browsers, FTP clients, and file downloaders.
Impact
- Malware Installation
- Detection Evasion
- Information Theft
Indicators of Compromise
MD5
ca1cd0656568af4f58aa28e61a3e3edb
bfa859d9ad7b23d3606ea13f525065a7
c7a59bf0022073147d3e19bad4c2261a
1c4e3e615e3596572062bca5ec498d41
SHA-256
6931d5a8ac6e00c855139d9da394b7895d83a9a18a8974c0b2381c5a28e68678
ec51e9ad23c469e82059bd497873749017e80e136053a25c7a752ffa18bf2002
83dcd3cf283294bc824d14d1c6e1548d8621cb7942a5f7a94b99db51fa817817
622163e09e5ad5324887c02d7834628d7213015fc48d286d69b4a90fa17a772d
SHA-1
1fde05eb6e587047d8a47950bcb2efdb53409b42
a1b3e395dc20bcdaa866b953a08a48d0079bace2
a0fe7d9b6a4a09c7c23a8e7f07c9945b0eb5548f
40365b3026ba2fca699462877fc106d58d2406c2
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.