General
-
Target
https://storage.googleapis.com/inbound-mail-attachments-prod/333504ee-d368-4b1b-8ebb-24859f5fdf10?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1770984295&Signature=ook9nPxPM8c4lkLI%2BNURZ8LiVpLDeQQYf2E2BtIaudHxMLOMrDCUHWW4b5ZYBA6VstZ4rPc90uJUOSQTnBScowKIuyq8pY9B5SDQ8d6ijslSlCpR%2FzGcO9zg54DyPa%2BVR8FKokS0MzqX7XHOLud4okEyH51VZJ0Xd9N4%2F19HKEqAkGbHnZuoBEdXe8XtXRpaPKYAuXT0UBsk5knWvCtvNSLgfgZvmBwZqMRq0hliC9h%2BHqxn2pbdjvzGCyVMq%2FAr1BmB0C%2B5YmaOz5ahB0u5cDKDBbs%2FwuKyWamVHN1NIqEU5SR%2FjG9pHH%2BGiSC6x7giL4i4tQXdhzbBNngBTQTw9g%3D%3D
-
Sample
250213-rzxwbazlet
Malware Config
Targets
-
-
Target
https://storage.googleapis.com/inbound-mail-attachments-prod/333504ee-d368-4b1b-8ebb-24859f5fdf10?GoogleAccessId=distribution-controller-prod@inbound-mail-attachments.iam.gserviceaccount.com&Expires=1770984295&Signature=ook9nPxPM8c4lkLI%2BNURZ8LiVpLDeQQYf2E2BtIaudHxMLOMrDCUHWW4b5ZYBA6VstZ4rPc90uJUOSQTnBScowKIuyq8pY9B5SDQ8d6ijslSlCpR%2FzGcO9zg54DyPa%2BVR8FKokS0MzqX7XHOLud4okEyH51VZJ0Xd9N4%2F19HKEqAkGbHnZuoBEdXe8XtXRpaPKYAuXT0UBsk5knWvCtvNSLgfgZvmBwZqMRq0hliC9h%2BHqxn2pbdjvzGCyVMq%2FAr1BmB0C%2B5YmaOz5ahB0u5cDKDBbs%2FwuKyWamVHN1NIqEU5SR%2FjG9pHH%2BGiSC6x7giL4i4tQXdhzbBNngBTQTw9g%3D%3D
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: distributioncontrollerprod@inboundmailattachments.iam.gserviceaccount.com
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-