Stealth for $15,000 a month: GuLoader becomes invisible to security tools

Brother

The malware has received updates, and its sales channel has changed.

Elastic Security Labs revealed new techniques in the GuLoader malware that make the threat harder to analyze and detect. The core functionality of GuLoader, first discovered at the end of 2019, has not changed significantly in recent years, but the constant updating of its obfuscation methods makes analysis time-consuming and resource-intensive.

GuLoader (CloudEyE) is an advanced shellcode-based malware downloader distributed through phishing campaigns. It is used to deliver various types of malware, including information stealers, and includes sophisticated anti-analysis techniques to bypass traditional security solutions.

It is noted that GuLoader is now sold under a new name on the same platform as Remcos, and is advertised as a cryptor that makes its payload completely invisible to antivirus programs.

One of the latest changes in GuLoader is an improvement to its anti-analysis technique based on Vectored Exception Handling (VEH). The method disrupts the normal flow of code execution by intentionally generating a large number of exceptions and processing them in a vectored exception handler that transfers control to a dynamically calculated address.

GuLoader is not the only malware that receives constant updates. Another example is DarkGate, a Remote Access Trojan (RAT) that allows attackers to completely compromise victims' systems. Sold under the Malware-as-a-Service (MaaS) model for $15,000 per month, DarkGate uses phishing emails containing links to spread its initial infection vector: a VBScript file or a Microsoft Software Installer (MSI) package.

The latest version of DarkGate (5.0.19) introduces a new execution engine using DLL sideloading, improved shellcode and loaders, and a completely redesigned RDP password theft feature.