GuLoader VBScript Variant Returns with PowerShell Updates
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Models Exploits - T1587.004 Exploits - T1588.005 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Tool - T1588.002 Vulnerabilities - T1588.006 Brute Force - T1110 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 21d3934a-01b3-44d9-a519-012ca446a56e
Fingerprint c670984abb71f24
Analysis status DONE
Considered CTI value 2
Text language
Published July 4, 2023, midnight
Added to db Oct. 24, 2023, 1:20 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline GuLoader VBScript Variant Returns with PowerShell Updates
Title GuLoader VBScript Variant Returns with PowerShell Updates
Detected Hints/Tags/Attributes 67/2/17
Source URLs
Redirection Url
Details Source https://www.esentire.com/blog/guloader-vbscript-variant-returns-with-powershell-updates
URL Provider
Details Provider Source level domain
Details esentire.com www.esentire.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
softmedal.com
Details Domain 1 
fasta.ski
Details Domain 1 
zazuservr.com
Details File 1 
infos.pdf
Details File 1 
tefor.vbs
Details File 16 
ieinstal.exe
Details File 1209 
powershell.exe
Details File 1 
ifaeettilhlw208.bin
Details File 3 
ieinstall.exe
Details md5 1 
f39329106b591529cc1d7e82f4cfbfa6
Details md5 1 
f6489874716c1684221548d18631e3a9
Details md5 1 
905129eea82849764137f68e12efb2e7
Details md5 1 
eabf387e4dc5cff8e24030a09ffa7a7c
Details md5 1 
1f8721109e05b5283d21a69e25293717
Details IPv4 2 
194.55.224.183
Details Url 1 
http://194.55.224.183/frsh/remimicra.hhp
Details Url 1 
http://194.55.224.183/frsh/ifaeettilhlw208.bin