Key Findings

- GootLoader malware is using a malformed ZIP archive with 500-1,000 concatenated ZIP files to evade detection
- The malicious ZIP file is designed to trigger parsing errors in many unarchiving tools, but can still be extracted by the default Windows unarchiver
- GootLoader employs "hashbusting" techniques by randomizing values in non-critical ZIP file fields to generate unique payloads for each victim
- The attack involves delivering the malicious ZIP as an XOR-encoded
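
For triage of the concatenated-archive structure described in the key findings, the following added example (not code from the original report) counts End of Central Directory records in a file, since a conventional ZIP carries exactly one. The function names, the `MAX_ARCHIVES` threshold and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory (EOCD) signature
CDH_SIG = b"PK\x01\x02"    # central directory file header signature
EOCD_FMT = "<4sHHHHIIH"    # fixed 22-byte EOCD layout
EOCD_LEN = struct.calcsize(EOCD_FMT)
MAX_ARCHIVES = 1           # assumed policy: one EOCD per file; raise it if
                           # stored (uncompressed) nested ZIPs are expected

def make_zip(name, data):
    """Build a small, valid ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def find_eocd_records(blob):
    """Return (offset, entry_count, cd_ok) for every EOCD candidate in blob.

    cd_ok is True when a central directory header sits exactly cd_size bytes
    before the EOCD. The stored central directory offset is not used because
    it is relative to the start of each embedded archive, not of the file.
    Candidates that fail the check are still returned for inspection.
    """
    records = []
    pos = blob.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(blob):  # skip a record cut off at end of file
            _, _, _, _, total, cd_size, _, _ = struct.unpack_from(EOCD_FMT, blob, pos)
            cd_start = pos - cd_size
            cd_ok = cd_start >= 0 and (
                (total == 0 and cd_size == 0)
                or blob[cd_start:cd_start + 4] == CDH_SIG
            )
            records.append((pos, total, cd_ok))
        pos = blob.find(EOCD_SIG, pos + 1)
    return records

def looks_concatenated(blob, max_archives=MAX_ARCHIVES):
    """Flag a file that carries more verified EOCD records than allowed."""
    verified = [r for r in find_eocd_records(blob) if r[2]]
    return len(verified) > max_archives

# Constructed samples: one ordinary archive and 600 archives glued together.
single = make_zip("report.txt", b"hello")
stacked = b"".join(make_zip("doc_%d.txt" % i, b"x" * 16) for i in range(600))
```

The check reads raw bytes rather than calling an unarchiving library, so it still returns a count for files that such libraries refuse to open.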