Spoofed Saudi Purchase Order Drops GuLoader – Part 2 | FortiGuard Labs
Tags
| country: | Saudi Arabia Ukraine |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Software - T1592.002 Connection Proxy - T1090 |
Common Information
| Type | Value |
|---|---|
| UUID | b7853052-63e1-4216-b9cd-c05553d055d8 |
| Fingerprint | cc1d9d32c13287cf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 12, 2022, 3:32 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | Spoofed Saudi Purchase Order Drops GuLoader – Part 2 |
| Title | Spoofed Saudi Purchase Order Drops GuLoader – Part 2 | FortiGuard Labs |
| Detected Hints/Tags/Attributes | 57/3/19 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | bounceclick.live |
|
| Details | File | 2 | 23754-1.exe |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 57 | system.dll |
|
| Details | File | 1 | parallelizing.log |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 2 | 23754-1.iso |
|
| Details | File | 2 | corg_ryggqn229.bin |
|
| Details | sha256 | 2 | c4debff9c0ec8a56aea5cd97215c6c906bd475ea8bd521fb9a346a4c992a0448 |
|
| Details | sha256 | 2 | 14d52119459ef12be3a2f9a3a6578ee3255580f679b1b54de0990b6ba403b0fe |
|
| Details | sha256 | 2 | 4a1b6b30209c35ab180fa675a769e3285f54597963dd0bb29f7adb686ba88b79 |
|
| Details | sha256 | 1 | 344362b48b8aa9a89623e0bfd139d62f07e2523e600a79bb5af940f35d0740e5 |
|
| Details | sha256 | 1 | 3e79ce8ac441c8c8e777fe0804b67da0bd908a045d553a31893d95f15ae4ea01 |
|
| Details | sha256 | 1 | 9c5f99c37d042b0d6f2b5614fade06d373b2b954bf021bbf955df03693f2380d |
|
| Details | sha256 | 1 | 53a0111fa7fca816618b65709ebf5d04ae9a64f9ebcfe08c60117a6a6f9d8030 |
|
| Details | sha256 | 1 | 5805e51dc4825c86b2d38c2a011429259954395e2d7b1fd06d83a2a3ec16fc14 |
|
| Details | sha256 | 1 | 1051d3690e70e4227a2b0a0aa87367fb09c49c55360c7a1880b2acfba0b77490 |
|
| Details | sha256 | 1 | cc1ad7582d16db389c1b15a1cccdc188a85398165623876f4c7887743e54a9f9 |
|
| Details | Windows Registry Key | 13 | HKCU\SOFTWARE |