VERY IMPORTANT

In this Malware Analysis Spotlight, the VMRay Team will analyze a delivery chain that uses malicious e-mail attachments and GuLoader to spread AZORult. Our investigation started from a single sample that matched our AZORult v3 network communication YARA rule. We decided to get more background information and look for the delivery method. The delivery payload turned out to be an RTF document delivered as an email attachment and exploiting a vulnerability in one of Microsoft’s Office products.