
Cybercrime, malware campaign via Guloader and Ziraat Bankasi

Malware campaign via Guloader and Ziraat Bankasi. The r19 attachment of an email about a SWIFT transfer contains an exe: the loader, which should contact a link and download the final payload. At the moment, however, the final payload is unknown.

A new Ziraat Bankasi-themed malspam campaign delivers an unknown malware via Guloader.

The r19 attachment of a fake email about a SWIFT transfer contains an exe file: the loader, which is supposed to contact a link and download the final payload. At the moment, however, the final payload is unknown. Guloader has been used by cybercriminals to deliver different types of information stealers such as AgentTesla/Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria/Warzone RAT and Parallax RAT.
