MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6a1fb402b80ab63c6f5eff4c25e4eae74ccf79d0a8f2aafff84b85e02301b52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Guildma


Vendor detections: 8



SHA256 hash: e6a1fb402b80ab63c6f5eff4c25e4eae74ccf79d0a8f2aafff84b85e02301b52
SHA3-384 hash: 3a7a504480acbc6953f2c9f52928d3ccf6e3c328d9668ae6af4d9343fadd7ad409a4f2df3b2eda8d69ae5a420a732245
SHA1 hash: 75bf05268ea775b5bc04e57948cf3dcb04c75f51
MD5 hash: fc5cf4deb7164d8b243933d600862615
humanhash: november-glucose-spring-undress
File name: guildma.jse
Signature: Guildma
File size: 6'655 bytes
First seen: 2025-12-30 15:27:40 UTC
Last seen: Never
File type: JScript (JSE) jse
MIME type: text/xml
ssdeep: 192:+m9TOW3rAX4/bY6ULaMC4MwwhuKTzhiGsQEtPay:hdOiWnLfOwwYKxED
TLSH: T19AD172ABB05F91AB017301190A398180BA1DE5EBF46DEAF57529F17CD3F0A08B1D4425
Magika: xml
Reporter: abuse_ch
Tags: ascii Astaroth guildma jse xml

Intelligence


File Origin
# of uploads: 1
# of downloads: 128
Origin country: CH
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: sct
First seen: 2025-12-30T12:32:00Z UTC
Last seen: 2025-12-30T23:57:00Z UTC
Hits: ~10
Detections: HEUR:Trojan.Script.Generic
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper
Threat name: Script-JS.Dropper.Heuristic
Status: Malicious
First seen: 2025-12-30 15:28:14 UTC
File Type: Text (XML)
AV detection: 4 of 36 (11.11%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Guildma

JScript (JSE) jse e6a1fb402b80ab63c6f5eff4c25e4eae74ccf79d0a8f2aafff84b85e02301b52 (this sample)
Delivery method
Distributed via web download
