General
Target: Payment Advice.vbs
Size: 4KB
Sample: 210121-8j52q7pg46
MD5: afccc71a981fa3ea99bf0af6cbbfac4d
SHA1: 125e81caad716d88d4be375c125156a673d1ecb0
SHA256: 6f4f4f4b980e471c5f8f5d0d95bff5a7ec98e3e2377f18f7fc0d44828cbe33a6
SHA512: 0ea2d841cb7f3a55a6304b1784adecc7e87aa43676583c67084dafe2d702267165873031ac3fd2f5e7aced18aba36a6a5283b03eca2cb754a75fb0ce65955fdd
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Advice.vbs, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Payment Advice.vbs, Resource: win10v20201028)
Malware Config
Extracted: remcos
creditdept01.myq-see.com:6800
Targets
Target: Payment Advice.vbs
Score: 10/10
Blocklisted process makes network request
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetThreadContext