
Cybercrime, the global Guloader campaign continues

Technical analysis by the Malware Hunter JAMESWT

The global campaign to deliver Guloader continues. The email text changes, but the system is always the same. The Xz attachment contains an exe, the malware itself, which should load other payloads. Today, however, it is unknown which

The global campaign to deliver Guloader continues. The text of the email changes, but the system is always the same. The compressed attachment in Xz format contains an exe file, the malware itself.

In theory, this should download other payloads, but it is currently not possible to determine which ones.

In the past, cybercriminals have used Guloader to deliver different types of information stealers such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
