General
Target: Booking_Payment.vbs
Size: 4KB
Sample: 211021-wyrecsafa9
MD5: 18ac5f0f564e29f3ab4f8a48fdea9ecc
SHA1: 47216392c30357a1de277c89703765ac8305f603
SHA256: 2853fdee44775a8aec2874b28c52d10537ce6f383ce53f3a610f45c9c82fa212
SHA512: e5d71ba533a21554f142e471648e9032568872893275756684a9967b4bae4cd352ae70793b0358e1894808cf515a2f9b46431a05fbc4a50d88adaa3caab595a7
Static task: static1
Behavioral task: behavioral1
Sample: Booking_Payment.vbs
Resource: win7-en-20210920
Malware Config
Extracted
http://13.230.14.133/bypass.txt
Targets
Target: Booking_Payment.vbs
Size: 4KB
BitRAT Payload
Blocklisted process makes network request
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext