MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a
SHA1 hash: 7cda05d12831d24fd3b02d6774a41ed4badaeaa9
MD5 hash: da1472dbc368d0f5dabd746736b118d2
File name: Detalles del pago.pdf.gz
Signature: GuLoader
File size: 24'046 bytes
First seen: 2020-05-23 11:53:04 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:5yeI9DzXOsWA+klf5lS1YGZHnsg6u3Uh2oADZrLPSJDSSGg5YEbMxKs/BQeR2i7F:It9DjWA+Y5oSMj6sA2x1MD9RbIzQeRbx
TLSH: 58B2E19C0793547E1405522ED756DC2A10F3922EB3F7D30C6EE83376D19A3DA7985922
Reporter: @abuse_ch
Tags: GuLoader, gz

Malspam distributing GuLoader:

Sending IP:
From: Coreptec S.A. Christian Naranjo <>
Reply-To: Coreptec S.A. Christian Naranjo <>, Coreptec S.A. Christian Naranjo <>, Coreptec S.A. Christian Naranjo <>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:


Mail intelligence

Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 21
Origin country: US
ClamAV: No detection
VirusTotal results: 14.75%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



gz f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a (this sample)

Delivery method: Distributed via e-mail attachment