2024-08-26 (MONDAY): GULOADER FOR REMCOS RAT

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_malspam-guloader-remcos-activity-7234210584571826176-Pi_E/
• https://x.com/Unit42_Intel/status/1828444963001995599

ASSOCIATED FILES:

• 2024-08-26-GuLoader-for-Remcos-RAT.pcap.zip   1.5 MB   (1,515,872 bytes)

• 2024-08-26-GuLoader-for-Remcos-RAT.pcap   (1,670,896 bytes)

• 2024-08-26-email-and-malware-and-artifacts-from-the-infection.zip   1.6 MB   (1,555,264 bytes)

• 2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt   (3,915 bytes)
• 2024-08-24-GuLoader-for-Remcos-RAT-malspam-1614-UTC.eml   (158,001 bytes)
• 2024-08-26-registry-update-for-GuLoader-1-of-2.txt   (722 bytes)
• 2024-08-26-registry-update-for-GuLoader-2-of-2.txt   (8,912 bytes)
• Eyeable49.xtp   (480,232 bytes)
• mCNQZhDQboPBW61.bin   (494,656 bytes)
• Payment_Confirmation_Advice_0822202400000000837849_pdf.7z   (68,202 bytes)
• Payment_Confirmation_Advice_0822202400000000837849_pdf.vbs   (138,961 bytes)
• WebBrowserPassView.exe   (495,631 bytes)

 

Click here to return to the main page.