MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Guildma

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1
SHA3-384 hash:	9149326a408db9d8e1cc0f9c18b91db7c34e61c791a84a2fb8604e3ece48cfbf0dc9c1ab7dc802a1925f0462a4f3a0fd
SHA1 hash:	5197b8399301ec27feb1e6ae5a37168201b528e0
MD5 hash:	4699bac8d4d80144724c31a64f9e0c91
humanhash:	cat-sixteen-zulu-vegan
File name:	fk8a03.vbs
Download:	download sample
Signature	Guildma Create hunting rule
File size:	14'297 bytes
First seen:	2025-12-23 13:55:40 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	384:wlVgRGGo+40DBhZdex8M8+a4g3gfTURheS/BhRt/nxU9uksvDVoP:TDBJex8MlaCS/PXe9uksvRoP
TLSH	T12A524C1D1B072B9DB2614C929458307DAFE084D414329F6DA461E7E14CF8A8AF35BAFF
Magika	vba
Reporter	Anonymous
Tags:	guildma vbs

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45858/

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694a9f81038f10550b550403

Tags:

xtreme shell sage

Verdict:

Malicious

Labled as:

VBS/TrojanDownloader.Agent

Link:

https://www.hybrid-analysis.com/sample/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1

Verdict:

Malicious

File Type:

vbs

First seen:

2025-12-23T11:09:00Z UTC

Last seen:

2025-12-23T11:31:00Z UTC

Hits:

~100

Detections:

Trojan-Downloader.JS.SLoad.sb HEUR:Trojan.VBS.SAgent.gen HEUR:Trojan.Script.Generic Trojan.VBS.SAgent.sb

Link:

https://opentip.kaspersky.com/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1/results?tab=lookup

Score:

87%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1

Verdict:

Malware

YARA:

1 match(es)

Tags:

VBScript

Link:

https://app.malva.re/file/4699bac8d4d80144724c31a64f9e0c91

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1/

Verdict:

Malicious

Threat:

Trojan-Downloader.JS.SLoad

Link:

https://tip.neiki.dev/file/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1

Threat name:

Script-WScript.Downloader.Iwill

Status:

Malicious

First seen:

2025-12-23 13:45:13 UTC

File Type:

Text (VBS)

AV detection:

8 of 24 (33.33%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nn24prjgawnimv3pzflt3d2vrc5tm6tg76627aywfc4ykxl6hlyq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/251223-rtj29sspct/

Behaviour

Script User-Agent

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Reads user/profile data of web browsers

Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.68

Link:

https://yomi.yoroi.company/submissions/6b75c7c526059a86576fc9573d8f5588bb367a66ffbdaf831628b9855d7e3af1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/45858/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample