General
Target: Appraisal.vbs
Size: 706B
Sample: 210426-zemd4ja3x6
MD5: b201aa5242dd9b32ec9c38e1f999c723
SHA1: 61ab2c43d19c6441e394561e0441890168b9a9ab
SHA256: d2d9b66c9aad0e6cc20a786a89299a8b4a65a5a344db369dfd7bfbad3fb40b55
SHA512: a21aeb8a0ec963875d75ba4920f3bde9a134717a910b94a2743ab7051dabe9e17a5e0a15aeb51be26373f0cb6313b6c964bef2ebb318061074399296d5c5ddfc
Static task: static1
Behavioral task: behavioral1
Sample: Appraisal.vbs
Resource: win7v20210408
Malware Config
Extracted: https://ia601406.us.archive.org/10/items/all_20210426/ALL.TXT
Extracted: remcos, 185.19.85.168:1723
Targets
Target: Appraisal.vbs
NirSoft MailPassView: Password recovery tool for various email clients
Nirsoft
Blocklisted process makes network request
Suspicious use of SetThreadContext