GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Visual Basic - T1059.005 |
Common Information
| Type | Value |
|---|---|
| UUID | b537335d-6b48-4e8f-8fab-f04efa757690 |
| Fingerprint | 5045d6f8dbb0a85 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | July 12, 2022, 8:47 a.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 13, 2024, 12:37 a.m. |
| Headline | GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email |
| Title | GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email - ASEC BLOG |
| Detected Hints/Tags/Attributes | 21/2/10 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/36470/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | lovelifereboot.com |
|
| Details | File | 2 | jp181222006.exe |
|
| Details | File | 208 | setup.exe |
|
| Details | File | 1 | price_of.exe |
|
| Details | File | 7 | advice.pdf |
|
| Details | File | 2 | order_104121_90778_azbrightok.exe |
|
| Details | File | 9 | wininit.ini |
|
| Details | File | 2 | maks_ywgaq67.bin |
|
| Details | md5 | 1 | 29dae93183c2b0f2eb98db22d3a246dd |
|
| Details | Url | 2 | https://lovelifereboot.com/maks_ywgaq67.bin |