- Since AV vendors are so good at writing reports (http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing) but amazingly fail at detecting malware, I decided to share a few new samples of the Gholee malware.
- Original posts about Gholee:
- http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/
- http://securityaffairs.co/wordpress/28170/cyber-crime/gholee-malware.html
- Crowdstrike's:
- https://www.hackcon.org/wp-content/uploads/2015/02/Foredrag01.pdf
- First discovered XLS - 3f7118a2ff787e61b5d18ba0591a29f90349d8ab93aa7d005cdf833f8c9895b2
- (text version of the macro - https://pastebin.com/Kz45uVma)
- Dropped file - 69cd44995cd8705f9d21cecc978b6a646eefb9872761844fd33b05b7ac2f0767
- New samples of Gholee 0/54 detection rate (of course):
- Yara rules for detecting the samples:
- https://pastebin.com/fm1mb6qX
- All of the above samples can be downloaded from here:
- https://s3-eu-west-1.amazonaws.com/snakebyte.co.il/uploads/Gholee.7z
- pass: infected
- Enjoy