A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, the global Guloader campaign continues
Technical analysis by the Malware Hunter JAMESWT
The global campaign to convey Guloader continues. The email text email changes, but the system is always the same. Xz attachment contains an exe, the malware itself, which should load other payloads. Today, however, it is unknown which
The global campaign to convey Guloader continues. The text of the email changes, but the system is always the same. The compressed attachment in Xz format contains an exe file, the malware itself.
This should theoretically download other payloads, but it is currently not possible to detect which ones they are.
In the past, Guloader has been used by cybercrime to carry different types of information stealers such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.