Cybercrime, new Guloader campaign via RFQ

Technical analysis by the Malware Hunter JAMESWT

A false purchase order from a real company delivers Guloader. The email attachment contains an exe file, the malware itself, which downloads other payloads. At the moment, however, it is not known what they are.

A false purchase order (Request for Quotation, RFQ) from a real company is the latest lure used by cybercriminals to deliver Guloader. The compressed email attachment, in GZ format, contains an executable file, the malware itself.

In the past, Guloader has been used to deliver different types of information stealers such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT. At the moment, however, it has not been possible to trace what the next payload is.