Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

Severity

Medium

Analysis Summary

Since 2019, Guloader has been in operation as a downloader. GuLoader spreads through spam campaigns with malicious archived attachments. GuLoader downloads the bulk of malware, with the most frequent being AgentTesla, FormBook, and NanoCore. The encrypted payloads of this downloader are usually saved on Google Drive. It also got its payloads from Microsoft OneDrive and websites that were controlled by an attacker. GuLoader can avoid network-based detection by using genuine file-sharing websites, which aren’t often filtered or inspected in corporate contexts.

Impact

• Information Theft
• Security Bypass

Indicators of Compromise

MD5

• e14eed75c5a448f30631d0c0c0bcbc16
• 72ac16f0b49f84e7c3bd98dea8ac39f3
• a7ff9d6ac75f5a8e46de69043e142416

SHA-256

• b86cadd3a19d4d1ef23277589e4ab25ba11d1a8c4bb1744598d8587deaaa8be5
• 0248d9d183a4e488fb4f6cd5d05fd4f6fe1ee33a3df848faacc64977cc4bf2f6
• d3984f4416ca88b8648499838b92a8b35d73af385e80fcb5d6a883969842f5ee

SHA-1

• 607bfd27449d6c56708b042e9bac8fabe5ba864d
• 5ba3da93c926bad024aefd0580c0043f4f04c067
• 2adbaccbcf305fdc5f3d38ee7e05132eae5a4b7e

Remediation

• Search for IOCs in your environment.
• Block all the threat indicators at your respective controls.