The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.
Cybercrime, massive global Guloader campaign
Massive global Guloader campaign. Compressed email attachments, as different as each message, contain an exe. This is the loader, which contacts a url and should download an unknown malware
Massive global Guloader campaign. Numerous emails are circulating these days, coming from different senders and with different compressed attachments, all of which contain an exe file (they vary with each message): the loader, which contacts a url and should download a final malware, that is currently unknown. Guloader has been used by cybercrime to deliver different types of information stealers such as AgentTesla/Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria/Warzone RAT and Parallax RAT.
Some emails that spread Guloader