MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a
SHA1 hash: 7cda05d12831d24fd3b02d6774a41ed4badaeaa9
MD5 hash: da1472dbc368d0f5dabd746736b118d2
File name: Detalles del pago.pdf.gz
Signature: GuLoader
File size: 24'046 bytes
First seen: 2020-05-23 11:53:04 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 384:5yeI9DzXOsWA+klf5lS1YGZHnsg6u3Uh2oADZrLPSJDSSGg5YEbMxKs/BQeR2i7F:It9DjWA+Y5oSMj6sA2x1MD9RbIzQeRbx
TLSH: 58B2E19C0793547E1405522ED756DC2A10F3922EB3F7D30C6EE83376D19A3DA7985922
Reporter: @abuse_ch
Tags: GuLoader gz


Twitter: @abuse_ch
Malspam distributing GuLoader:

HELO: aa98419.online-server.cloud
Sending IP: 74.208.129.40
From: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coreptec.com>
Reply-To: Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>, Coreptec S.A. Christian Naranjo <Christian.Naranjo@coeptec.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.bat")

GuLoader payload URL:
https://drive.google.com/uc?export=download&id=1GHqRKU6aLAanHCqSOCTqnW3k_uhA0-Md

Intelligence

Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: US
ClamAV: No detection
VirusTotal: 14.75%

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  GuLoader
    gz f21a7ec0957e8b8e17b1e52716ad11a70dce9ddccbd56e52687209afa7205c3a (this sample)
      Dropping: GuLoader

Delivery method: Distributed via e-mail attachment

Comments