
Cybercrime, unknown malware spread via Guloader by DHL themed campaign

Technical analysis by the Malware Hunter JAMESWT

Unknown malware is being spread via Guloader by a DHL-themed campaign. The gz attachment of a fake email from the courier contains an exe: the loader, which contacts a URL and downloads the malware. The final payload, however, is still unknown.

A fake DHL email on a shipment is the bait to spread unknown malware via Guloader.

The gz attachment contains an exe file: the loader itself, which contacts another URL and downloads the final payload. What that payload is remains unclear at the moment. Guloader has been used by cybercrime to carry different types of information stealers and RATs, such as AgentTesla / Origin Logger, FormBook, NanoCore RAT, Netwire RAT, Remcos RAT, Ave Maria / Warzone RAT and Parallax RAT.
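The infection chain described above starts with a gzip attachment that wraps a Windows executable. The following script is an added example for mail-gateway or triage use, not code from the campaign or from the analyst; it shows how a defender can inspect such an attachment without executing anything: parse the gzip header to recover the original file name (the FNAME field), decompress the member, and check whether the inner bytes carry a PE signature. The sample attachment, the inner file name "shipment_document.exe" and the list of flagged extensions are all constructed for the example.

```python
import gzip
import io
import struct
import zlib
from typing import Optional

# Extensions that should never arrive inside a courier "shipment" archive.
# Constructed list for this example; tune to your own policy.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def build_sample_attachment() -> bytes:
    """Constructed lure: a minimal fake PE image (not a runnable program)
    wrapped in gzip, with the gzip FNAME field claiming an .exe inside."""
    fake_pe = (
        b"MZ" + b"\x00" * 58            # DOS header, e_lfanew at offset 0x3c
        + struct.pack("<I", 0x40)       # e_lfanew -> PE header at 0x40
        + b"PE\x00\x00" + b"\x00" * 32  # PE signature plus padding
    )
    buf = io.BytesIO()
    # GzipFile writes the FNAME header field when a filename is given.
    with gzip.GzipFile(filename="shipment_document.exe", mode="wb", fileobj=buf) as gz:
        gz.write(fake_pe)
    return buf.getvalue()


def build_benign_attachment() -> bytes:
    """Constructed benign control: gzip of plain text, no FNAME field."""
    return gzip.compress(b"Your parcel will arrive on Monday.\n")


def gzip_original_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of a gzip header, or None if absent/unparseable.
    Header layout (RFC 1952): ID1 ID2 CM FLG MTIME(4) XFL OS, then optional
    FEXTRA, FNAME (NUL-terminated), FCOMMENT, FHCRC."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA: 2-byte length followed by that many bytes
        if len(data) < pos + 2:
            return None
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if flg & 0x08:  # FNAME: original file name, NUL-terminated, latin-1
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1", errors="replace")
    return None


def looks_like_pe(payload: bytes) -> bool:
    """True if payload has an MZ DOS stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", payload, 0x3C)[0]
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_attachment(data: bytes) -> dict:
    """Static triage verdict for a gzip attachment: never executes content."""
    verdict = {"is_gzip": False, "inner_name": None, "inner_is_pe": False,
               "suspicious": False, "error": None}
    if data[:2] != b"\x1f\x8b":
        verdict["error"] = "not a gzip stream"
        return verdict
    verdict["is_gzip"] = True
    verdict["inner_name"] = gzip_original_name(data)
    try:
        payload = gzip.decompress(data)
    except (OSError, EOFError, zlib.error) as exc:  # BadGzipFile is an OSError
        verdict["error"] = f"decompression failed: {exc}"
        return verdict
    verdict["inner_is_pe"] = looks_like_pe(payload)
    name = (verdict["inner_name"] or "").lower()
    # Flag on content (PE magic) or on the declared name; the magic check
    # catches the case where the lure renames the inner file to .pdf.
    verdict["suspicious"] = verdict["inner_is_pe"] or name.endswith(EXECUTABLE_EXTENSIONS)
    return verdict


if __name__ == "__main__":
    print(inspect_attachment(build_sample_attachment()))
    print(inspect_attachment(build_benign_attachment()))
```

The PE check is deliberately independent of the declared name: an archive whose FNAME says "invoice.pdf" but whose member starts with an MZ/PE header is still flagged, and a truncated or corrupt stream yields an error field rather than an exception, so the function is safe to run over bulk mail samples.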
