
Cybercrime: fake DHL invoice used as a decoy for malware delivered via Guloader

Malware Hunter JAMESWT Technical Analysis

A fake DHL invoice is used as a decoy for malware delivered via Guloader. The gz attachment in the email contains an exe file, the loader, which contacts a URL and downloads the final payload. What that payload is, however, is still unknown.

A fake DHL invoice is the lure in a new malware campaign delivered via Guloader.

The gz attachment contains an exe file: the loader itself, which contacts another URL and downloads the final payload. At the moment it is not clear what that payload is. Guloader has been used by cybercriminals to deliver several kinds of information stealers and remote access trojans, including AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
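As an added example (not part of the original analysis), a defender-side check for the delivery shape described above: a gzip attachment whose decompressed content is a Windows PE executable. The function names are assumptions, the sample attachments are constructed inline, and decompression is bounded so that an oversized archive cannot exhaust memory during scanning.

```python
import gzip
import struct
import zlib


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with a DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_gz_attachment(data: bytes, max_bytes: int = 50 * 1024 * 1024) -> dict:
    """Decompress a .gz attachment with an output cap and report whether the payload is a PE executable."""
    result = {"is_gzip": data[:2] == b"\x1f\x8b", "contains_pe": False, "truncated": False, "size": 0}
    if not result["is_gzip"]:
        return result
    decomp = zlib.decompressobj(16 + zlib.MAX_WBITS)  # wbits 31: gzip wrapper only
    out = bytearray()
    buf = data
    try:
        # Ask for at most max_bytes + 1 so that exceeding the cap is observable.
        while buf and len(out) <= max_bytes:
            out += decomp.decompress(buf, max_bytes + 1 - len(out))
            buf = decomp.unconsumed_tail
    except zlib.error:
        result["error"] = "corrupt gzip stream"
        return result
    if len(out) > max_bytes:
        result["truncated"] = True  # archive inflates past the cap; treat as suspicious on its own
        del out[max_bytes:]
    result["size"] = len(out)
    result["contains_pe"] = looks_like_pe(bytes(out))
    return result


def _fake_pe() -> bytes:
    """Constructed stand-in for a dropper: DOS stub with e_lfanew -> 'PE\\0\\0' (not a real executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 60


SAMPLE_EXE_GZ = gzip.compress(_fake_pe())  # constructed: the "gz with an exe inside" shape
SAMPLE_BENIGN_GZ = gzip.compress(b"DHL shipment notice, tracking number redacted\n")  # constructed

if __name__ == "__main__":
    for name, sample in (("exe.gz", SAMPLE_EXE_GZ), ("notice.gz", SAMPLE_BENIGN_GZ)):
        print(name, inspect_gz_attachment(sample))
```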
