Edit tour
Windows
Analysis Report
tregrene-KaufVertraeg-JoachimSvensson-23564334.vbs
Overview
General Information
| Sample Name: | tregrene-KaufVertraeg-JoachimSvensson-23564334.vbs |
| Analysis ID: | 560422 |
| MD5: | b8fbb413a49b2f05872cb38372454664 |
| SHA1: | 2071d3476c94b3cfc924b31c705806e78df674a8 |
| SHA256: | cffa320db9834e3f224aa5961073fc9d0cb14f34c6430ffa2d7468da7da7ce32 |
| Infos: |   |
 | |
Detection
Remcos GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Yara detected Remcos RAT
Detected Remcos RAT
Yara detected GuLoader
Hides threads from debuggers
Creates an autostart registry key pointing to binary in C:\Windows
Writes to foreign memory regions
Tries to detect Any.run
Wscript starts Powershell (via cmd or directly)