MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Guildma

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2
SHA3-384 hash:	c2892cb103d627ba66a33449b76895f4680ab95758c87a6df9d1d3bde75aab662fc4f46c9ff2bc1b22d378752eafe710
SHA1 hash:	0a75acb9661b3c8b3a4517e50f7e84df043f6f4c
MD5 hash:	33512042901c0eaae7e122f9f5dc9677
humanhash:	fanta-oscar-skylark-berlin
File name:	CopiProcesso_2023_1660455385040860.296446.38720..zip
Download:	download sample
Signature	Guildma Create hunting rule
File size:	657 bytes
First seen:	2023-04-28 16:19:03 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12:5jELPEtTGKOphBRpirOxqLPy8i20dUakhDfp0KajgLPDtTHdtafX:9sEgKyPRpiyxuav20dKDh0KgQDE
TLSH	T1C1012351B37889A0E4BC2B7D522F03C59CDD42529F0697C956DCDB515EAC016B32021E
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	FXOLabs
Tags:	guildma zip

Intelligence

File Origin

# of uploads :

# of downloads :

997

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	CopiProcesso_2023_1660455385040860.296446.38720.lNk
File size:	1'023 bytes
SHA256 hash:	fea054240f1cc9a596c81e6240f6c0c5af57d92b711b7d7be044357b0e83b970
MD5 hash:	defa3160417aaaedf4a7af9bb9c5bb57
MIME type:	application/octet-stream
Signature	Guildma

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL

Sanesecurity.Malware.28755.LnkHeur.UNOFFICIAL

Sanesecurity.Malware.28754.LnkHeur.UNOFFICIAL

TwinWave.EvilLNK.CMDLineCarrotsFoundationsOfDecay.M2.20220516.UNOFFICIAL

TwinWave.EvilLNK.CMDLineCarrotsFoundationsOfDecay.M3.20221011.UNOFFICIAL

TwinWave.EvilLNK.UnicodeSEOUL.20230417.UNOFFICIAL

Result

Verdict:

Malicious

File Type:

LNK File - Malicious

Link:

https://app.docguard.net/c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd conhost wscript

Link:

https://www.filescan.io/uploads/644bf1fc83c50e4c7d29225f/reports/f8590b7c-7762-4a44-8f34-9ec0e8bfc910/overview

Verdict:

Malicious

Labled as:

Trojan.WinLNK.Agent

Link:

https://www.hybrid-analysis.com/sample/c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2/

Threat name:

Shortcut.Trojan.Runner

Status:

Malicious

First seen:

2023-04-28 16:20:06 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

3 of 37 (8.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y6vb7fmqkubgebouqvuozf2dvsrkp6kitkuuoctwxvxpswt2xlja._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/230428-xw3kaahg8s/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c7aa1f959055026205d48568ec9743aca2a7f9489aa9470a76bd6ef95a7abad2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample