General
-
Target
Appraisal.property..vbs
-
Size
704B
-
Sample
210429-g93kpmbq7a
-
MD5
7058bdc13d0094b435eaa07b09e76297
-
SHA1
f9084f4c4f1756fd531007a8fd7a344207a4cd13
-
SHA256
a465bb35f4e7bafb2fea17156c39daee286e49c3f10463ecb8d29766e2d0b200
-
SHA512
1b0bfd576cfae09c9d997ea8a93fa07e9b353cd68076d6665d21a6b46940126593d3eeb78331375a64a94e0b332581e1a4207e9217b5bf142c1798ddf7a12ed7
Static task
static1
Behavioral task
behavioral1
Sample
Appraisal.property..vbs
Resource
win7v20210410
Malware Config
Extracted
https://ia601403.us.archive.org/35/items/all_20210429/ALL.TXT
Extracted
remcos
185.19.85.168:1723
Targets
-
-
Target
Appraisal.property..vbs
-
Size
704B
-
MD5
7058bdc13d0094b435eaa07b09e76297
-
SHA1
f9084f4c4f1756fd531007a8fd7a344207a4cd13
-
SHA256
a465bb35f4e7bafb2fea17156c39daee286e49c3f10463ecb8d29766e2d0b200
-
SHA512
1b0bfd576cfae09c9d997ea8a93fa07e9b353cd68076d6665d21a6b46940126593d3eeb78331375a64a94e0b332581e1a4207e9217b5bf142c1798ddf7a12ed7
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-