
Cybercrime, DHL-themed AgentTesla campaign via Guloader

Malware Hunter JAMESWT Technical Analysis


AgentTesla is delivered via Guloader by a fake DHL email.

The gz attachment contains an exe: the loader, which contacts a URL and downloads the final malware. The stolen data is then exfiltrated via FTP.
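The first stage of the chain above is a gz attachment that unpacks to an executable. As an added example (not code from this analysis or from JAMESWT), the following Python snippet shows how a mail-gateway or triage script can inspect such an attachment without fully extracting it: it reads the filename stored in the gzip FNAME header field, peeks at only the first decompressed bytes for the `MZ` PE magic, and returns a verdict. The attachment name `DHL_Shipment_Notice.exe` and all sample bytes are constructed for the demonstration, not taken from the campaign.

```python
import gzip
import io
from typing import Optional

GZIP_MAGIC = b"\x1f\x8b"
PE_MAGIC = b"MZ"                       # DOS/PE executable header
FNAME_FLAG, FEXTRA_FLAG = 0x08, 0x04   # gzip header flag bits (RFC 1952)
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def build_sample_attachment(inner: bytes, stored_name: str) -> bytes:
    """Constructed test data: wrap `inner` in a gz stream the way a mail
    attachment carries it, recording `stored_name` in the gzip FNAME field."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=stored_name, mode="wb", fileobj=buf) as gz:
        gz.write(inner)
    return buf.getvalue()


def gzip_stored_name(blob: bytes) -> Optional[str]:
    """Parse the optional original-filename field from a gzip header.
    Returns None when the stream carries no FNAME field."""
    if len(blob) < 10 or not blob.startswith(GZIP_MAGIC):
        return None
    flags = blob[3]
    offset = 10                        # fixed-size part of the header
    if flags & FEXTRA_FLAG:            # skip an FEXTRA block if present
        xlen = int.from_bytes(blob[10:12], "little")
        offset = 12 + xlen
    if not flags & FNAME_FLAG:
        return None
    end = blob.find(b"\x00", offset)
    if end == -1:
        return None
    return blob[offset:end].decode("latin-1", errors="replace")


def inspect_gz_attachment(blob: bytes, peek: int = 64) -> dict:
    """Return a verdict on a gz attachment: is it gzip, what name does it
    store, and does the payload start with a PE header? Only `peek` bytes
    are decompressed, so an oversized payload cannot exhaust memory."""
    if not blob.startswith(GZIP_MAGIC):
        return {"is_gzip": False, "stored_name": None, "is_pe": False,
                "suspicious": False, "reason": "not a gzip stream"}
    name = gzip_stored_name(blob)
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            head = gz.read(peek)
    except (OSError, EOFError) as exc:
        return {"is_gzip": True, "stored_name": name, "is_pe": False,
                "suspicious": True, "reason": f"corrupt gzip: {exc}"}
    is_pe = head.startswith(PE_MAGIC)
    exec_name = bool(name) and name.lower().endswith(EXEC_EXTENSIONS)
    reasons = []
    if is_pe:
        reasons.append("PE magic in payload")
    if exec_name:
        reasons.append(f"executable extension in stored name {name!r}")
    return {"is_gzip": True, "stored_name": name, "is_pe": is_pe,
            "suspicious": is_pe or exec_name,
            "reason": "; ".join(reasons) or "no executable indicators"}


if __name__ == "__main__":
    # Constructed loader-style attachment: a PE stub named like a shipping notice.
    loader = build_sample_attachment(b"MZ" + b"\x90" * 200, "DHL_Shipment_Notice.exe")
    print(inspect_gz_attachment(loader))
    # Constructed benign attachment for comparison.
    benign = build_sample_attachment(b"%PDF-1.4\n%constructed", "invoice.pdf")
    print(inspect_gz_attachment(benign))
```

The check keys on the payload's own header rather than on the stored name alone, so a PE renamed to look like a document is still flagged; the stored name is reported separately because a mismatch between the two is itself worth surfacing to an analyst.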

Guloader has been used by cybercriminals to deliver different types of information stealers and RATs, such as AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
