Malicious

02dccf5efe741c8d5c99900a715c7fb0

VBScript
|
MD5: 02dccf5efe741c8d5c99900a715c7fb0
|
Size: 38.96 KB
|
text/vbscript

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	02dccf5efe741c8d5c99900a715c7fb0
Sha1	77018033aacac7a80d79076edab61de89b6d9ab2
Sha256	804891181dc38281505fb08b0217e62c6e7a91301009fae1fd7a50ca29336402
Sha384	260b6d6fc0aba4e0165797f0a0503b94b9398b789c9c7bc56430cab8a50356e2d90140d8f79230ec9b323268fda8cba9
Sha512	a2900811bcd366fb070a559a463f4694832e0db2c266a2cf93f971dae8560f7971787e8648703ba5e10258c2af7c0943bb7200c06b6e21bd76c85374c7b610ba
SSDeep	384:IjnHWUg7MMAnRxvOBxVZuo+ADv+311mCvNo0BoxbTbtbS0KokgqsomuKuyJzSdyt:Gn5RcYTW0mxxmTIoyl5oQ
TLSH	6E03C602BC0BC96544F6B3A676A7CC0DD776E3A368228E14359CCC55CF35E9C9AE40DA

File Structure

Artefacts

Name0	Value
URLs in VB Code - #1	http://lcryptordecrypt7xfzq5tclm9jzpwq72uofgy2znkdsxm54zbcu2yid.onion
URLs in VB Code - #2	http://www.google.com
URLs in VB Code - #3	https://i.ibb.co/Z1bqDB2d/20250429-200949.jpg
URLs in VB Code - #4	https://ragebot.fun/
URLs in VB Code - #5	https://www.google.com/search?q=free+antivirus
URLs in VB Code - #6	https://www.google.com/search?q=antivirus
URLs in VB Code - #7	https://www.google.com/search?q=how
URLs in VB Code - #8	http://kaspersky.com/
URLs in VB Code - #9	https://www.bitdefender.com/en-us/consumer/free-antivirus
URLs in VB Code - #10	https://www.avast.com
URLs in VB Code - #11	https://www.avg.com
URLs in VB Code - #12	http://78.153.140.66/xmrig.exe
Deobfuscated PowerShell	Set-MpPreference -DisableRealtimeMonitoring $true

02dccf5efe741c8d5c99900a715c7fb0 (38.96 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
URLs in VB Code - #1	http://lcryptordecrypt7xfzq5tclm9jzpwq72uofgy2znkdsxm54zbcu2yid.onion	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #2	http://www.google.com	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #3	https://i.ibb.co/Z1bqDB2d/20250429-200949.jpg	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #4	https://ragebot.fun/	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #5	https://www.google.com/search?q=free+antivirus	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #6	https://www.google.com/search?q=antivirus	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #7	https://www.google.com/search?q=how	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #8	http://kaspersky.com/	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #9	https://www.bitdefender.com/en-us/consumer/free-antivirus	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #10	https://www.avast.com	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #11	https://www.avg.com	02dccf5efe741c8d5c99900a715c7fb0
URLs in VB Code - #12	http://78.153.140.66/xmrig.exe	02dccf5efe741c8d5c99900a715c7fb0
Deobfuscated PowerShell	Set-MpPreference -DisableRealtimeMonitoring $true Malicious	02dccf5efe741c8d5c99900a715c7fb0 > 02dccf5efe741c8d5c99900a715c7fb0.deobfuscated.vbs > [Command #1] > [PowerShell Command]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙