GuLoader Spotted in an Attack on a Major Bank
released on 2020-04-03 @ 09:14:09 PM
GuLoader is a downloader that has been in wide use since December 2019. Several security researchers have identified it in the wild, which indicates that it quickly gained popularity among threat actors. When it first appeared, GuLoader was used to download Parallax RAT, but it has since been used to deliver other remote access trojans and information stealers such as Netwire, FormBook, and Tesla.
Recently, the Morphisec Labs team observed the downloader being spread in a targeted phishing email against a major bank. Although Parallax RAT was among the first malware families delivered with GuLoader, in this particular campaign the final payload was Remcos RAT. GuLoader is considered one of the most advanced downloaders; it is written in Visual Basic, which often makes it difficult for static analysis scanners to handle.