Windows Analysis Report
tregrene-KaufVertraeg-JoachimSvensson-23564334.vbs

Overview

General Information

Sample Name: tregrene-KaufVertraeg-JoachimSvensson-23564334.vbs
Analysis ID: 560422
MD5: b8fbb413a49b2f05872cb38372454664
SHA1: 2071d3476c94b3cfc924b31c705806e78df674a8
SHA256: cffa320db9834e3f224aa5961073fc9d0cb14f34c6430ffa2d7468da7da7ce32
Detection

Remcos GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Yara detected Remcos RAT
Detected Remcos RAT
Yara detected GuLoader
Hides threads from debuggers
Creates an autostart registry key pointing to binary in C:\Windows
Writes to foreign memory regions
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)