MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Guildma

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647
SHA3-384 hash:	d54d9712e2071ad4250b2a6478346a33bb800b009310626f9a87b54f789f52f02ba7fbbe8ebbffec3bf3e6f162ec821f
SHA1 hash:	2aa301eed3d4148df55e32c9d639e0f918d49cc2
MD5 hash:	b9cc76210a37e16f01b24a202ac53b61
humanhash:	london-fourteen-quebec-echo
File name:	377602682146.vbs
Download:	download sample
Signature	Guildma Create hunting rule
File size:	653 bytes
First seen:	2026-01-06 07:51:51 UTC
Last seen:	Never
File type:	vbs
MIME type:	text/plain
ssdeep	12:505M5w61664515Qtgpt1tgHCCcXS6Rt5mmtKc5rFIREBzSDFIUvflFVYTYlz7Aw:505M5w6Ab5159vC6zQHWBzyflFVYG7Aw
TLSH	T170F0E2280FB9D476C7AB0D0180FFFE892DC4A644111D33796C8FA80C6280E7A88B79F0
Magika	vba
Reporter	abuse_ch
Tags:	guildma vbs

Intelligence

File Origin

# of uploads :

1

# of downloads :

52

Origin country :

SE

Vendor Threat Intelligence

No detections

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/47819/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=695be721d2357cccc3dfb059

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

obfuscated pterodo

Link:

https://www.filescan.io/uploads/695cbf3119d1255be89c94d1/reports/6fff2294-13b8-4897-8a92-1739d22567df/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647

Verdict:

Malicious

File Type:

vbs

First seen:

2026-01-05T14:52:00Z UTC

Last seen:

2026-01-06T00:55:00Z UTC

Hits:

~10

Detections:

Trojan.JS.SAgent.sb HEUR:Trojan-Downloader.Script.Generic

Link:

https://opentip.kaspersky.com/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1845356

Signature

Multi AV Scanner detection for submitted file

Sigma detected: Script Initiated Connection to Non-Local Network

Sigma detected: WScript or CScript Dropper

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Behaviour

Behavior Graph:

Score:

87%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647

Verdict:

Malware

YARA:

1 match(es)

Tags:

VBScript

Link:

https://app.malva.re/file/b9cc76210a37e16f01b24a202ac53b61

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/

Verdict:

Malicious

Threat:

Trojan.JS.SAgent

Link:

https://tip.neiki.dev/file/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647

Threat name:

Script-WScript.Packed.Generic

Status:

Suspicious

First seen:

2026-01-05 16:30:23 UTC

File Type:

Text (VBS)

AV detection:

9 of 24 (37.50%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y6hkevhywbu6fz3zafsf3iw7s2nmsqqiygn6whiljsphnv5auzdq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/260106-jrf9layjhx/

Behaviour

Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.57

Link:

https://yomi.yoroi.company/submissions/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647

File information

The table below shows additional information about this malware sample such as delivery method and external references.

zip d1bbffec25b258d8519b7e74cdad37715a3813bc64df8c2abd21b9d44076532b

vbs c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/47819/

Dropped by

SHA256 d1bbffec25b258d8519b7e74cdad37715a3813bc64df8c2abd21b9d44076532b

Dropped by

MD5 c0e524400b9846896daa956f39805e61

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample