
Cybercrime, the Guloader campaign back to Italy via a false quotation

Technical analysis by the Malware Hunter JAMESWT

The Guloader campaign is back in Italy via a false quotation. Two emails are circulating with different attachments, each an archive with a zip and an exe file inside. The malware, however, is the same. What it downloads next is not yet known.

The Guloader campaign is back in Italy, using a fake e-mail about a request for a quotation as its vehicle. At the moment two messages are in circulation, each carrying an attachment compressed in lzh and gz format respectively, with a different zip inside.


Each zip contains a different exe file, which is nevertheless the same malware. Opening it activates the infection chain. Guloader should then download further payloads, but at the moment it is not possible to determine which ones. In the past, cybercriminals have used this malware to deliver different types of information stealers and RATs, such as Agent Tesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
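The delivery chain described above (an outer lzh or gz archive, a zip inside it, an exe inside that) is a pattern a mail gateway or triage script can flag without knowing anything about the final payload. The following is an added example, not code from the article or from the researcher: it walks gzip and zip layers with the Python standard library, identifies each blob by its magic bytes, and reports any PE file found at least two container layers deep. LZH containers are only reported, not unpacked, because the standard library has no LZH reader (a third-party module such as lhafile would be needed; that is an assumption). The attachment it scans is constructed inline (a zip holding a file that carries only a fake MZ header, wrapped in gzip) and is not a sample from the campaign.

```python
import gzip
import io
import zipfile

# Magic bytes for the container and file types the article describes.
GZIP_MAGIC = b"\x1f\x8b"
ZIP_MAGIC = b"PK\x03\x04"
PE_MAGIC = b"MZ"


def classify(data: bytes) -> str:
    """Identify a blob by its leading bytes (LZH keeps its method id at offset 2)."""
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if len(data) > 7 and data[2:5] == b"-lh":
        return "lzh"
    if data.startswith(PE_MAGIC):
        return "pe"
    return "other"


def scan_attachment(data: bytes, path: str = "attachment",
                    depth: int = 0, max_depth: int = 4) -> list:
    """Recursively unpack gzip/zip layers and record what each layer holds.

    Returns a list of (path, kind, depth) tuples. LZH containers are reported
    but not unpacked: the standard library cannot read them, and a third-party
    reader (e.g. lhafile) would be needed - that is an assumption of this example.
    max_depth bounds recursion so a decompression bomb cannot run away.
    """
    kind = classify(data)
    findings = [(path, kind, depth)]
    if depth >= max_depth:
        return findings
    if kind == "gzip":
        inner = gzip.decompress(data)
        findings += scan_attachment(inner, path + "/<gunzipped>", depth + 1, max_depth)
    elif kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if member.is_dir():
                    continue
                findings += scan_attachment(zf.read(member), f"{path}/{member.filename}",
                                            depth + 1, max_depth)
    return findings


def has_nested_executable(data: bytes) -> bool:
    """True when a PE file sits at least two container layers deep (archive-in-archive)."""
    return any(kind == "pe" and depth >= 2
               for _, kind, depth in scan_attachment(data))


def build_sample() -> bytes:
    """Constructed sample: gz -> zip -> fake PE (only the MZ header is real, nothing runs)."""
    fake_exe = PE_MAGIC + b"\x00" * 62 + b"constructed sample, not a real program"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Quotation_Request.exe", fake_exe)   # hypothetical member name
    return gzip.compress(buf.getvalue())


if __name__ == "__main__":
    sample = build_sample()
    for path, kind, depth in scan_attachment(sample):
        print(f"{'  ' * depth}{path}: {kind}")
    print("nested executable:", has_nested_executable(sample))
```

In practice the scanner would be fed the raw attachment bytes from the mail pipeline; a hit from `has_nested_executable` is a strong quarantine signal on its own, since legitimate quotation requests do not arrive as an executable wrapped in two archive layers.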
