
Cybercrime, new Guloader campaign via purchase orders

Technical analysis by the Malware Hunter JAMESWT

New Guloader campaign via purchase orders. The exe inside the email's ISO attachment contacts Google and downloads the malware, which is then decrypted and starts the infection. The stolen data is exfiltrated via email.

Guloader is being delivered in a global campaign through a fake purchase order. The email carries a disk image in ISO format with an executable inside.

The exe, if opened, downloads the malware from Google and then decrypts it to start the infection.

The latter acts as a keylogger and sends the stolen data by email from to
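The delivery vector described above (an ISO attachment with an executable inside) can be triaged at the mail gateway before anyone mounts the image. The following Python is an added example and not part of the original analysis: it parses a message, checks each attachment for the ISO 9660 signature and for an embedded PE header, and flags the combination; the sample email and image are constructed inline, and the addresses and filename are placeholders.

```python
import email
import struct
from email import policy
from email.message import EmailMessage

ISO_MAGIC = b"CD001"        # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001   # byte 1 of the first volume descriptor (sector 16)

def looks_like_iso(data: bytes) -> bool:
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC

def find_pe_offsets(data: bytes) -> list[int]:
    """Offsets of embedded PE images: an 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage_message(raw: bytes) -> list[dict]:
    """Flag attachments that are ISO images carrying a PE executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        is_iso = looks_like_iso(payload) or name.lower().endswith(".iso")
        pe = find_pe_offsets(payload) if is_iso else []
        findings.append({"name": name, "iso": is_iso, "pe_offsets": pe,
                         "suspicious": is_iso and bool(pe)})
    return findings

def build_sample_iso() -> bytes:
    """Constructed stand-in for the campaign's attachment: ISO magic plus a minimal PE stub."""
    pe_stub = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", pe_stub, 0x3C, 0x40)           # e_lfanew -> header right after stub
    pe_stub += b"PE\x00\x00" + b"\x00" * 20
    image = bytearray(b"\x00" * 0x8000)
    image += b"\x01" + ISO_MAGIC + b"\x01\x00"            # start of primary volume descriptor
    image += b"\x00" * (0x800 - 8)                         # pad to the next sector
    return bytes(image + pe_stub)

def build_sample_email(attachment: bytes) -> bytes:
    """Constructed 'purchase order' email with the image attached (placeholder addresses)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "orders@example.invalid", "buyer@example.invalid", "Purchase Order"
    msg.set_content("Please find the purchase order attached.")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream", filename="PO.iso")
    return msg.as_bytes()
```

Running `triage_message(build_sample_email(build_sample_iso()))` reports the attachment as an ISO with one PE image at offset 0x8800 and marks it suspicious.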

Guloader has been used in the past by cybercriminals to carry different types of information stealers, such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
