Volexity cybersecurity experts: North Korea's APT uses a fake trading website that mimics a legitimate one, together with DLL side-loading, to distribute the malware.
Technical analysis by the Malware Hunter JAMESWT
A false order from Poland delivers unknown malware via GuLoader. The email's RAR attachment contains an EXE, the loader, which contacts a URL and downloads the final payload; that payload is still unknown.
A false order from Poland is the latest bait in a malware campaign via GuLoader.
The RAR attachment contains an EXE file, the loader itself, which contacts another URL and downloads the final payload. It is not clear at the moment what that payload is. GuLoader has been used by cybercriminals to deliver different types of information stealers and remote access trojans, such as AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
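The delivery chain described above (an "order" email carrying an archive that hides an executable loader) is the point where a mail gateway can intervene before any payload is fetched. The following is an added example, not code from the page or from JAMESWT's analysis: it triages the attachments of a MIME message by sniffing their real content type from well-known magic bytes (RAR, ZIP, PE) instead of trusting the declared filename or MIME type, and flags archives and executables for detonation or quarantine. The sample message, sender, subject and attachment bytes are constructed here for illustration; the RAR "attachment" is only a header stub, not a real archive.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Well-known file signatures (standard values, not taken from the page).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
ZIP_MAGIC = b"PK\x03\x04"
PE_MAGIC = b"MZ"

# Extensions that Windows will execute directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".js", ".vbs"}

# Declared content types that should never carry archive or PE bytes.
BENIGN_DECLARED = ("image/", "text/", "application/pdf")


def sniff_type(data: bytes) -> str:
    """Identify an attachment by its leading bytes, ignoring the filename."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "unknown"


def triage_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per suspicious attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # decode=True undoes the base64 / quoted-printable transfer encoding.
        data = part.get_payload(decode=True) or b""
        kind = sniff_type(data)
        ext = os.path.splitext(name.lower())[1]
        declared = part.get_content_type()
        reasons = []
        if kind in ("rar4", "rar5", "zip"):
            reasons.append(f"archive attachment ({kind}): detonate before delivery")
        if kind == "pe":
            reasons.append("Windows executable content (MZ header)")
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension {ext}")
        if kind != "unknown" and declared.startswith(BENIGN_DECLARED):
            reasons.append(f"declared {declared} does not match sniffed {kind}")
        if reasons:
            findings.append({"filename": name, "sniffed": kind, "reasons": reasons})
    return findings


def build_sample_message() -> bytes:
    """Constructed lure resembling the campaign: an 'order' mail with a RAR attachment."""
    msg = EmailMessage()
    msg["From"] = "orders@example.invalid"          # constructed sender
    msg["To"] = "sales@example.invalid"             # constructed recipient
    msg["Subject"] = "Order confirmation PL-0001"   # constructed subject
    msg.set_content("Please find the attached order.")
    # Constructed RAR header stub: enough for signature matching, not a real archive.
    fake_rar = RAR4_MAGIC + b"\x00" * 32
    msg.add_attachment(fake_rar, maintype="application", subtype="octet-stream",
                       filename="Order_PL.rar")
    # A benign-looking second attachment that should not be flagged.
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_attachments(build_sample_message()):
        print(finding)
```

Because the check keys on content rather than on the `.rar` extension or the `application/octet-stream` label, renaming the archive or mislabelling it as a PDF would still produce a finding; the nested EXE loader itself can only be seen once the archive is opened in a sandbox, which is what the "detonate before delivery" reason is meant to trigger.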