2021-09-03 (FRIDAY) - GULOADER FOR POSSIBLE REMCOS RAT
ASSOCIATED FILES:
- 2021-09-03-IOCs-for-GuLoader-for-possible-Remcos-RAT.txt.zip 1.2 kB (1,220 bytes)
- 2021-09-03-GuLoader-malspam-for-Remcos-RAT.eml.zip 608 kB (608,010 bytes)
- 2021-09-03-GuLoader-for-possible-Remcos-RAT.pcap.zip 635 kB (635,380 bytes)
- 2021-09-03-malware-and-artifacts-from-GuLoader-possible-Remcos-RAT-infection.zip 1.1 MB (1,122,222 bytes)
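A small check that is not part of the original post: the listing above gives an exact byte count for each archive, so a downloaded copy can be validated against it before it is opened. The script below (added example, not from this site) parses the listing as printed, then compares each named archive in a directory against the expected size and confirms it is a zip container. The directory argument and the "status" strings are the example's own choices.

```python
import re
import zipfile
from pathlib import Path

# Associated-files listing copied from the post above; the sizes in
# parentheses are the exact byte counts the post gives.
LISTING = """
- 2021-09-03-IOCs-for-GuLoader-for-possible-Remcos-RAT.txt.zip 1.2 kB (1,220 bytes)
- 2021-09-03-GuLoader-malspam-for-Remcos-RAT.eml.zip 608 kB (608,010 bytes)
- 2021-09-03-GuLoader-for-possible-Remcos-RAT.pcap.zip 635 kB (635,380 bytes)
- 2021-09-03-malware-and-artifacts-from-GuLoader-possible-Remcos-RAT-infection.zip 1.1 MB (1,122,222 bytes)
"""

# "- <name>.zip <rounded size> <unit> (<exact bytes> bytes)"
LINE_RE = re.compile(
    r"^-\s+(?P<name>\S+\.zip)\s+\S+\s+\S+\s+\((?P<bytes>[\d,]+) bytes\)\s*$"
)


def parse_listing(text):
    """Return {filename: exact size in bytes} parsed from the post's listing."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-listing line
        expected[m.group("name")] = int(m.group("bytes").replace(",", ""))
    return expected


def check_downloads(directory, expected):
    """Compare each expected archive with the file of that name on disk.

    Returns {filename: status}, where status is one of
    'ok', 'missing', 'size-mismatch' or 'not-a-zip' (labels chosen here).
    """
    results = {}
    for name, size in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif path.stat().st_size != size:
            # A truncated or re-saved download will show up here.
            results[name] = "size-mismatch"
        elif not zipfile.is_zipfile(path):
            results[name] = "not-a-zip"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    expected_sizes = parse_listing(LISTING)
    for name, status in check_downloads(".", expected_sizes).items():
        print(f"{status:14} {name}")
```

Run it from the directory the archives were downloaded to. A size match does not prove integrity (a hash published with the archive would), but it catches the common failure of a partial or HTML-error-page download before the password-protected archive is extracted on an analysis host.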
NOTES:
- I've written about GuLoader before. GuLoader is a downloader used to deliver the final payload in some RAT-based malware infections:
- GuLoader installing Network RAT (published April 2020)
- GuLoader for Remcos RAT (published February 2021)
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Chain of events for this infection.
Shown above: Screenshot of the email.
Shown above: Screenshot of the attachment opened in Microsoft Excel.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: GuLoader saved to the infected Windows host.