Concrete signature match: Trojan - Appears legitimate but performs malicious actions for VBScript platform, family GuLoader
Trojan:VBS/GuLoader.RBK!MTB is a VBScript-based GuLoader variant, a sophisticated downloader detected through machine learning behavioral analysis. This threat is designed to fetch and execute secondary malware payloads, such as information stealers or remote access Trojans, often using deceptive process names like dolcan.exe or amalgameret.exe.
Relevant strings associated with this threat:
- dolcan.exe (PEHSTR_EXT)
- Regions Financial Corp. (PEHSTR_EXT)
- amalgameret.exe (PEHSTR_EXT)
Hash value listed for this signature: 98d73d3a7bbc47cdfbd869fe511e9164a1aab7bcf1d4996ba2f99506a82395dfe6f300bff6975e878e39b0575190ab7b40349f41b8f442906169c8b6a19a7a5e

Immediately isolate the infected system to prevent further compromise. Perform a full system scan with updated antivirus software to remove the detected Trojan and any secondary malware payloads it may have dropped. Investigate for persistence mechanisms, unauthorized network connections, and signs of additional compromise. Consider a system reimage if a deep or complex infection is suspected.