Rewterz Threat Alert – GuLoader Malspam Campaign

Rewterz Threat Alert – NJRAT – Active IOCs

February 8, 2022

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

February 8, 2022

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

Severity

Medium

Analysis Summary

Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also got its payloads from Microsoft OneDrive and websites that were controlled by an attacker. GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.

Impact

Information Theft
Security Bypass

Indicators of Compromise

MD5

81aabb6f9db36c97ee14faaefa9393b2
47c9be2e32894e27f763c37a1adb6756
a483038e68f51e5d58d78290a3044b54
11be05a3efc32c20ccf83bd7f6a48e07

SHA-256

bffd7ff53ce71a47f2b7b769b3a8819f678afe4f62e2737b08d72eb568a795d4
b997563f91893df5f6774b83fd3f3c43d6e251ceae1d511380cee3c579b94345
70a387806649d7d97e7b5c8aec4e213ccb5c737291bc490fb8aad52edf953900
88a56adfda71155cd315c64ca5ab176120f7d74369cc752cb63ee6a00f90e736

SHA-1

b90700fbd8340f90502860e8f881b92cc57ea7c3
df979daafae5b03f7cfa316b80cf9f2ab2cf3750
d1cf0b2775c00f064943b844aad25901d708bf33
33516981aa5d0cd1ee5dc0f1627449d0a45a6472

Remediation

Search for IOCs in your environment.
Block all the threat indicators at your respective controls.
Do not download files attached in untrusted emails.
Do not download files from untrusted sources on the internet