Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Medium
COVID-19 continues to be a leading lure for unsuspecting victims in malspam campaigns. The latest report from researchers shows a sharp spike in this campaign since March 2020, and the use of GuLoader indicates that COVID-19 lures show no signs of slowing. Invoicing, COVID-19, and wire transfers are the latest subjects employed in the campaign. Each malspam message contains an attachment implanted with GuLoader. GuLoader is a popular program for distributing remote access trojans (RATs), which can allow attackers to control, monitor, and steal information from infected machines.

The payload is kept encrypted on cloud services, stored within a Google Drive folder. The malware is placed in virtual memory allocated with read, write, and execute access and decrypted via XOR. Anti-analysis techniques such as an anti-debugger are employed.

GuLoader also creates a folder in which to place a copy of itself and modifies a registry key to achieve persistence. Using process hollowing, the malware uses child processes to download, decrypt, and map the payload into memory. Common payloads include Formbook, NetWire, Remcos, Lokibot, and others.
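The behaviours described above can be correlated per process chain for detection. The following is an added example, not code from the advisory or from Rewterz: the event schema (`type`, `pid`, `ppid`, `suspended`, `autorun`, `protect`, `host`, `sha256`, `image_sha256`), the threshold, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

CLOUD_HOSTS = {"drive.google.com"}  # advisory: payload is stored in a Google Drive folder
THRESHOLD = 3                       # assumption: alert on 3 or more distinct behaviours

def classify(ev):
    """Map one event (hypothetical schema) to a behaviour from the advisory, or None."""
    kind, digest = ev["type"], ev.get("sha256")
    if kind == "file_create" and digest and digest == ev.get("image_sha256"):
        return "self_copy"        # process writes a copy of its own image
    if kind == "registry_set" and ev.get("autorun"):
        return "persistence"      # registry key changed so the copy starts again
    if kind == "mem_alloc" and ev.get("protect") == "RWX":
        return "rwx_alloc"        # read/write/execute memory for the decrypted payload
    if kind == "net_connect" and ev.get("host") in CLOUD_HOSTS:
        return "cloud_fetch"      # encrypted payload pulled from cloud storage
    return None

def correlate(events):
    """Return {pid: behaviours} for process chains showing THRESHOLD or more behaviours."""
    linked, seen = {}, defaultdict(set)   # suspended child pid -> parent pid
    def owner(pid):
        hops = 0
        while pid in linked and hops < len(linked):   # bounded, tolerates pid reuse
            pid, hops = linked[pid], hops + 1
        return pid
    for ev in events:                     # events are assumed to be in time order
        if ev["type"] == "process_create":
            if ev.get("suspended"):       # hollowing starts its target suspended
                linked[ev["pid"]] = ev["ppid"]
                seen[owner(ev["ppid"])].add("suspended_child")
            continue
        if (label := classify(ev)):
            seen[owner(ev["pid"])].add(label)   # child activity counts for the parent
    return {pid: sorted(b) for pid, b in seen.items() if len(b) >= THRESHOLD}

# Constructed sample telemetry (not real logs); pid 4120 stands for the opened attachment.
SAMPLE = [
    {"type": "net_connect", "pid": 900, "host": "drive.google.com"},  # browser, benign
    {"type": "file_create", "pid": 4120, "sha256": "AA", "image_sha256": "AA"},
    {"type": "registry_set", "pid": 4120, "autorun": True},
    {"type": "process_create", "pid": 4188, "ppid": 4120, "suspended": True},
    {"type": "mem_alloc", "pid": 4188, "protect": "RWX"},
    {"type": "net_connect", "pid": 4188, "host": "drive.google.com"},
    {"type": "registry_set", "pid": 700, "autorun": True},            # installer, benign
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

Any single behaviour here is common in benign software, which is why the browser and installer events in the sample do not alert on their own; only the combination within one process chain does.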