Unknown malware via VBS & fake eml file


Got a very strange one that I can’t quite work out. I received a submission via our system with the message that he had quite a few “phishing” type emails, all with the same link, but couldn’t get anything. I tried the link from a UK BT dynamic IP address and got diverted to a payload. I then ran that payload through Anyrun, which decoded the PowerShell script in the VBS file. Anyrun couldn’t get any payload from that. I could, however, manually. And that is where I am stuck. I have run the final payload through Anyrun, which shows various …

