VRad

#GuLoader_#AnonVNC_160824

Aug 17th, 2024 (edited)
#IOC #OptiData #VR #GuLoader #AnonVNC #MeshAgent

https://pastebin.com/9SYknZHD

previous_contact:
12/08/24

FAQ:
https://github.com/Ylianst/MeshAgent
https://cert.gov.ua/article/6280345

attack_vector
--------------
email URL > privat24x _com > reCaptcha > .exe > get config > C2

# # # # # # # #
email_headers
# # # # # # # #
Date: Fri, 16 Aug 2024 11:19:40 +0300
From: Лазарев Абрам Робертович <finmons @privatbank _ua>
Subject: Запит інформації № 1500750 вiд: 16.08.2024
Reply-To: "public @cip _gov _ua" <public @cip _gov _ua>
Received: from smtp _dwku _com ([223 _130 _104 _222])
Received: from 193 _33 _153 _89 (HELO 193 _33 _153 _89) (FROM: yeotaeshik @dwku _com)

# # # # # # # #
files
# # # # # # # #
SHA-256 fd21bb2bd77692d295d1bb956325bfa23fd439a6982f2f5bbd8a92733e69dc1a
File name Scan_Docs#630739.exe
File size 587.56 KB (601664 bytes)

SHA-256 0b9189304936322f58e164c985e58e12e3ed32787bc2efe67df5d9a7698fe2b9
File name Scan_Docs#672910
File size 587.56 KB (601664 bytes)

SHA-256 ef8f4aa052f414afc1843473cb33633c509b9ccacdb4da055d51daa100b583cf
File name nPZGZs136.bin
File size 2.09 MB (2195008 bytes)

# # # # # # # #
activity
# # # # # # # #

PL_SCR privat24x _com
privat24x _com /linkss.txt

C2 186 _2 _171 _76

netwrk
--------------
190 _115 _18 _43 gbshost _net 443 TLSv1.3 Client Hello
186 _2 _171 _76 443 TLSv1.2 Client Hello

comp
--------------
Scan_Docs#672910.exe 190 _115 _18 _43 443
Scan_Docs#672910.exe 186 _2 _171 _76 443

proc
--------------
C:\Users\User01\Downloads\files1608\Scan_Docs#672910.exe
C:\Users\User01\Downloads\files1608\Scan_Docs#672910.exe

persist
--------------
Siam Computer (MD Kamrul Hassan) C:\Users\User01\AppData\Roaming\Tjenesteivriges\Fondler.exe Sat Aug 17 15:04:49 2024

drop
--------------
C:\Users\User01\Downloads\files1608\Scan_Docs#672910.exe

# # # # # # # #
additional info
# # # # # # # #
n/a

# # # # # # # #
VT & Intezer
# # # # # # # #
https://www.virustotal.com/gui/file/fd21bb2bd77692d295d1bb956325bfa23fd439a6982f2f5bbd8a92733e69dc1a/details
https://www.virustotal.com/gui/file/0b9189304936322f58e164c985e58e12e3ed32787bc2efe67df5d9a7698fe2b9/details
https://www.virustotal.com/gui/file/ef8f4aa052f414afc1843473cb33633c509b9ccacdb4da055d51daa100b583cf/details

VR