Concrete signature match: Trojan - Appears legitimate but performs malicious actions for VBScript platform, family GuLoader
Trojan:VBS/GuLoader.RBJ!MTB is a highly confident concrete detection of a VBScript-based GuLoader Trojan, identified through machine learning behavioral analysis. This threat functions as a sophisticated downloader, designed to fetch and execute secondary, more potent malicious payloads, significantly increasing the risk of subsequent system compromise and data exfiltration.
Relevant strings associated with this threat: - \Activate\Cannibalization\Distractible (PEHSTR_EXT) - konebytningens\purismen\pygmaean (PEHSTR_EXT) - %Azoturia%\lumina (PEHSTR_EXT) - animhdr vicevrtens.exe (PEHSTR_EXT) - Siliciumets\trykketeknikkerne\livsforsikringens (PEHSTR_EXT) - %Pseudoanatomic%\Krocket22 (PEHSTR_EXT) - 5\Snorkel.Eve (PEHSTR_EXT) - semicollegiate.exe (PEHSTR_EXT)
dec4521ef1688d3a113fc505cb0c11e1694b760a3c3e34fee7cc7a42445b93db7f627cdab1b4f563bc979f2ee5610cd58a7bfc5b3f487d5a649ed0db119fbf02f5ed5de812a2c6876241c4603d178874bb63ae268c80fa34ccd1375c99d6bd97Immediately isolate the affected system from the network. Perform a full, deep scan with updated antivirus software and remove all detected malicious files. Due to GuLoader's nature as a loader, thoroughly investigate the system for potential follow-on infections and consider re-imaging if compromise cannot be fully ruled out.