MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 421ae9597d6b602b2c82944ea41c5ed9fd72535c8b890ef1f71d2c745d751c6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Guildma


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 421ae9597d6b602b2c82944ea41c5ed9fd72535c8b890ef1f71d2c745d751c6c
SHA3-384 hash: 5fc1cec5f2bff0169e57de3b8b960bde1f1196d4de137f47fee56df8c019ffe65ab61a261cf0418e62034f0a309b4923
SHA1 hash: 274ab405fa7fc64f97a389ee5ce2c6533c0a936c
MD5 hash: 119581ed561115fc33fc08a292fff64f
humanhash: quebec-football-louisiana-vegan
File name:loader.sct
Download: download sample
Signature Guildma
Create hunting rule
File size:9'101 bytes
First seen:2021-08-12 14:14:12 UTC
Last seen:Never
File type:unknown
MIME type:text/xml
ssdeep 192:I3YRMfghQ/cgJ62zkU3xpGwJtCEcSk6qffK1gqWG0BJL7cKnveS/RSTrr5N/jmpi:I3YRMfgC//U2zkU3/GktCEcbrnK38JLa
TLSH T18D123408A613B02F7A7112190533085CFFF1A86A75A985823F58DE877DB33661BE2F4D
Reporter warz_s
Tags:Astaroth bitsadmin brazil dropper guildma

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'304
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.JS.DownLoader.5803.19859.31485.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Malicious Scriptlet 1 of 7
Detected a malicious pivot typically seen during the 'file-less' pivot commonly seen in malware carriers.
Hidden Powershell
Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/421ae9597d6b602b2c82944ea41c5ed9fd72535c8b890ef1f71d2c745d751c6c/
Threat name:
Document-HTML.Exploit.BitsAdmin
Create hunting rule
Status:
Malicious
First seen:
2021-08-12 14:15:07 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/421ae9597d6b602b2c82944ea41c5ed9fd72535c8b890ef1f71d2c745d751c6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

41ccb9bf09478670775bd2bc5bc4bf2470d6762478c976cf112b4994d4cbcb89

Banload

Shortcut (lnk) lnk 98ca9e1847d490b88b302a2ac2194c96edc593a3a1c7328b137deedb68dc1b8a

Guildma

unknown 421ae9597d6b602b2c82944ea41c5ed9fd72535c8b890ef1f71d2c745d751c6c

(this sample)

a489ad617f60733a24924b46be2441b4f46f6713e699ec9a44676e8f068e49a0

  
Link
https://malpedia.caad.fkie.fraunhofer.de/details/win.astaroth
  
Link
https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
  
Dropped by
SHA256 98ca9e1847d490b88b302a2ac2194c96edc593a3a1c7328b137deedb68dc1b8a
  
Dropping
SHA256 a489ad617f60733a24924b46be2441b4f46f6713e699ec9a44676e8f068e49a0
  
Dropping
SHA256 181d94482b90867f470ecfaa5d944bf35e302e65fb9650343de6f45cf9328fbc
  
Dropping
SHA256 7921fd507476746bfd1e277ef9d21b9180433f76a8a6384845f7c0d681ffde7d
  
Dropping
SHA256 412a6b755b2029126d46e7469854add3faa850f5a4700dd1e078fcc536ca418a
  
Delivery method
Distributed via web download

Comments