Cybersecurity expert JAMESWT: The link in the message downloads a zip with a URL pointing to an SMB, which downloads and executes the malware. Same TTP as the “Revenue Agency” campaign in Italy.
Malware Hunter JAMESWT Technical Analysis
New order-themed malware campaign via Guloader. The gz attachment of the email contains an exe file: the loader, which should contact a link and download an unknown final payload
The gz attachment of the email contains an exe file: the loader, which is expected to contact a URL and download the final payload, which at the time of writing is unknown. Guloader has been used by cybercriminals to deliver several families of information stealers and remote access trojans, including AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
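The two delivery TTPs described above (a zip attachment carrying a URL shortcut that points at an SMB share, and a gz attachment that decompresses to an exe loader) can both be caught at the mail gateway with simple attachment triage. The following is an added example written for this page, not code from JAMESWT or from any product. It assumes the "URL" inside the zip is a Windows Internet Shortcut (.url) file whose target sits under the `[InternetShortcut]` section's `URL=` key; the sample attachments and the host `203.0.113.10` are constructed for the demo and are not indicators from the campaign.

```python
from __future__ import annotations

import gzip
import io
import re
import zipfile
from configparser import ConfigParser

# A UNC path (\\host\share\...) or a file:// URL with a remote host component.
# "file:///C:/..." has an empty host and is deliberately NOT matched.
REMOTE_SHARE = re.compile(r"^(?:file:)?(?://|\\\\)[^/\\]+[/\\]", re.IGNORECASE)


def is_remote_share_target(target: str) -> bool:
    """True if a shortcut target would be resolved over SMB (UNC or file://host)."""
    return bool(REMOTE_SHARE.match(target.strip()))


def parse_internet_shortcut(data: bytes) -> str | None:
    """Return the URL= value of a .url (INI-style) file, or None if absent/malformed."""
    cp = ConfigParser(interpolation=None)
    try:
        cp.read_string(data.decode("utf-8", errors="replace"))
    except Exception:  # duplicate keys, missing section header, etc.
        return None
    if cp.has_option("InternetShortcut", "URL"):
        return cp.get("InternetShortcut", "URL")
    return None


def scan_zip_for_smb_shortcuts(zip_bytes: bytes) -> list[tuple[str, str]]:
    """List (member name, target) for every .url member whose target is an SMB share."""
    hits: list[tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            target = parse_internet_shortcut(zf.read(info))
            if target and is_remote_share_target(target):
                hits.append((info.filename, target))
    return hits


def gz_contains_pe(gz_bytes: bytes) -> bool:
    """True if a gz attachment decompresses to a PE executable (starts with 'MZ')."""
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as gf:
        return gf.read(2) == b"MZ"


def build_sample_zip() -> bytes:
    """Constructed sample attachment (not a real campaign artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order_12345.url",
                    "[InternetShortcut]\r\nURL=file://203.0.113.10/share/order.exe\r\n")
        zf.writestr("readme.url", "[InternetShortcut]\r\nURL=https://example.com/\r\n")
        zf.writestr("invoice.txt", "no shortcut here")
    return buf.getvalue()


def build_sample_gz() -> bytes:
    """Constructed gz attachment whose content starts with an MZ header (not a real PE)."""
    fake_pe = b"MZ" + b"\x00" * 62 + b"constructed stub, not executable"
    return gzip.compress(fake_pe)


if __name__ == "__main__":
    for name, target in scan_zip_for_smb_shortcuts(build_sample_zip()):
        print(f"zip: shortcut {name!r} points at SMB share -> {target}")
    if gz_contains_pe(build_sample_gz()):
        print("gz: attachment decompresses to a PE executable")
```

In a gateway rule the two checks are complementary: the zip check flags the shortcut before any host ever attempts the outbound SMB connection (which an egress firewall blocking TCP/445 should stop anyway), while the gz check catches a bare executable that a filename-only filter would miss because the outer extension is `.gz`.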