SHA1: 19eee9336a4527eb76cd2ac69321727f159ad057
I submitted this to ESET yesterday, but it has not been added to detection so far. Meanwhile, the number of detections on VT is increasing. It is exhibiting some suspicious behavior, but I feel it is a bit strange. Is this file malicious?
This originally comes from a potential phishing mail (so, social-engineering-wise, it is already suspicious enough).
It is exhibiting some very suspicious behavior, like dropping a VBS, adding an autostart entry, querying security products and the UUID, and writing files to sensitive paths... But I am not sure whether these are enough to be categorized as "malicious". Most detections of this file on VT are either machine-learning/heuristic or generated by an automated pipeline; there are no concrete signature detections so far, though.
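A small triage helper, added here as an example (it is not code from the original post, from ESET, or from VirusTotal): it takes a mapping shaped like the VirusTotal API v3 `last_analysis_results` object (engine name to result) and separates machine-learning/heuristic and generic verdicts from named-family ones, which is the distinction the poster draws by hand. The engine names, verdict strings and the token lists used to classify verdicts are constructed assumptions, not the real report for the hash above; the real report would be fetched with `GET /api/v3/files/{sha1}` and found under `data.attributes.last_analysis_results`.

```python
import re
from collections import Counter

# Constructed, anonymised sample shaped like VirusTotal's `last_analysis_results`
# (engine name -> {"category": ..., "result": ...}). NOT the real report for the
# hash in the post; engine names and verdict strings are made up for illustration.
SAMPLE_RESULTS = {
    "EngineA": {"category": "malicious", "result": "Trojan:Script/Wacatac.B!ml"},
    "EngineB": {"category": "malicious", "result": "HEUR:Trojan.Script.Generic"},
    "EngineC": {"category": "malicious", "result": "Gen:Variant.Ursu.12345"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "malicious", "result": "Malicious (score: 86)"},
    "EngineF": {"category": "suspicious", "result": "Artemis!ABCDEF"},
    "EngineG": {"category": "malicious", "result": "Trojan.VBS.Agent.xyz"},
    "EngineH": {"category": "malicious", "result": "Trojan.Script.ExampleFamily.A"},
    "EngineI": {"category": "undetected", "result": ""},
}

# Assumed marker tokens. Vendors differ in naming, so these lists are a starting
# point to tune, not an authoritative mapping.
ML_TOKENS = {"ml", "ai", "heur", "heuristic", "artemis", "cloud", "unsafe",
             "score", "suspicious", "susgen"}
GENERIC_TOKENS = {"generic", "gen", "variant", "agent", "malware"}

_TOKEN_SPLIT = re.compile(r"[^a-z0-9]+")


def classify_verdict(result):
    """Bucket one engine's verdict string.

    Returns one of: "undetected", "ml_or_heuristic", "generic", "named_family".
    Verdict strings are tokenised on non-alphanumerics so that "HEUR:", "!ml",
    "Gen:" and "(score: 86)" are all caught regardless of punctuation.
    """
    if not result:
        return "undetected"
    tokens = set(_TOKEN_SPLIT.split(result.lower())) - {""}
    if tokens & ML_TOKENS:
        return "ml_or_heuristic"
    if tokens & GENERIC_TOKENS:
        return "generic"
    return "named_family"


def summarise(results):
    """Count verdict buckets across all engines in a VT-style results mapping."""
    return Counter(classify_verdict(r.get("result")) for r in results.values())


def named_family_hits(results):
    """Return (engine, verdict) pairs that name a specific family.

    These are the detections worth looking up by name; ML/heuristic and
    generic verdicts say "looks bad" without saying what it is.
    """
    return sorted(
        (engine, r["result"]) for engine, r in results.items()
        if classify_verdict(r.get("result")) == "named_family"
    )


def triage(results, min_named=2):
    """Crude triage rule (assumption): treat the VT picture as signature-backed
    only when at least `min_named` engines agree on a named family. Everything
    else is a prompt for sandbox/manual analysis, not a verdict on its own."""
    counts = summarise(results)
    return {
        "counts": dict(counts),
        "named": named_family_hits(results),
        "signature_backed": counts["named_family"] >= min_named,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_RESULTS)
    for bucket, n in sorted(report["counts"].items()):
        print(f"{bucket:16s} {n}")
    print("named-family hits:", report["named"])
    print("signature-backed :", report["signature_backed"])
```

For the constructed sample this reports four ML/heuristic verdicts, two generic ones, two non-detections and a single named-family hit, so `signature_backed` is false: the same picture the poster describes, where the detection count rises but nothing yet pins the sample to a known family. Behaviour like a dropped VBS, an autostart entry and security-product/UUID queries still needs a sandbox run or manual analysis to turn into a verdict.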