Infection Chain
Summary by MalvaGPT
Characteristics
Hash    | Hash Value
MD5     | 13ae6bbc45e9e9640d31f50e98a73adc
Sha1    | eb8c2ab3180a4b3bbfaa487d1429a6679643836c
Sha256  | 80155524fa14d3e79fc52dda7ebb6210f9952d5b642ee604d24bc3751891b335
Sha384  | 876b8fcd59ae481f7d3ad92ad69f713b479ca45b20401bbce85d268023a20f6c3145daae7c5e750053990aa90e0a606f
Sha512  | 4d1b50bef54199e4b91638cde656216f1b3246ec786b252436cb66e75bd05e30844a8f975e24685ba7efae83291abf3bba0175e7178fdb45fad3fa7deb735139
SSDeep  | 98304:UdUv+kBskKonJvreBhdsiOKbJX7VMy0QUFIxSo9F6uW4o0Hug1A60LrJ:UdO+PkTtir3tGy0FykoCuWzS1j0LrJ
TLSH    | A2263379F2462A8F8CAB4DB502328E62B5019645287BCCD9237225C17B73F572D3B49F
13ae6bbc45e9e9640d31f50e98a73adc (4.65 MB)
File Structure
gmail (Malicious)
Structure (PE, x64): DosHeader, PE Header, Optional Header (x64)
  Section Headers: .text, .rdata, .data, .pdata, _RANDOMX, _TEXT_CN, _RDATA, .rsrc, .reloc
  Resources: RT_VERSION (ID:0001 / ID:1033), RT_MANIFEST (ID:0001 / ID:1033)
Structure (PE, x86): DosHeader, PE Header, Optional Header (x86)
  Section Headers: .text, .rdata, .data, .rsrc
  Resources: BIN (ID:0032 / ID:1033), RT_STRING (ID:0026 / ID:1033; ID:0027 / ID:1033)
Structure (PE, x64): DosHeader, PE Header, Optional Header (x64)
  Section Headers: .text, .data, .pdata, .idata, .fptable, .rsrc, .reloc
  Resources: RT_RCDATA (ID:0000 / ID:1033)
7z-stream @ 0x0015CBB4.7z
Structure (PE, x86): DosHeader, PE Header, Optional Header (x86)
  Section Headers: .text, .rdata, .data, .code, .reloc
Update.xml
[Authenticode]_ccc217df.p7b
Structure (PE, x64): DosHeader, PE Header, Optional Header (x64)
  Section Headers: .text, .rdata, .data, .pdata, INIT, .rsrc
  Resources: RT_VERSION (ID:0001 / ID:1033)
Structure (PE, x86): DosHeader, PE Header, Optional Header (x86)
  Section Headers: .text, .rdata, .data, .code, .rsrc, .reloc
  Resources: RT_MANIFEST (ID:0001 / ID:1033)
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
URLs in VB Code - #1 | https://ipapi.co/country/ | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #2 | http://schemas.microsoft.com/cdo/configuration/smtpserver | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #3 | http://schemas.microsoft.com/cdo/configuration/sendpassword | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #4 | http://schemas.microsoft.com/cdo/configuration/smtpserverport | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #5 | http://schemas.microsoft.com/cdo/configuration/smtpauthenticate | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #6 | http://schemas.microsoft.com/cdo/configuration/sendusername | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #7 | http://schemas.microsoft.com/cdo/configuration/sendusing | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #8 | http://schemas.microsoft.com/cdo/configuration/smtpusessl | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mozilla.vbs
URLs in VB Code - #1 | https://lmtop.ma/wp-content/uploads/2018/05/1300.png | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mservice.vbs
URLs in VB Code - #2 | https://pastebin.com/K9rHTWbB | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > mservice.vbs
URLs in VB Code - #1 | https://ipapi.co/country/ | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #2 | http://schemas.microsoft.com/cdo/configuration/smtpserver | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #3 | http://schemas.microsoft.com/cdo/configuration/sendpassword | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #4 | http://schemas.microsoft.com/cdo/configuration/smtpserverport | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #5 | http://schemas.microsoft.com/cdo/configuration/smtpauthenticate | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #6 | http://schemas.microsoft.com/cdo/configuration/sendusername | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #7 | http://schemas.microsoft.com/cdo/configuration/sendusing | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs
URLs in VB Code - #8 | http://schemas.microsoft.com/cdo/configuration/smtpusessl | 13ae6bbc45e9e9640d31f50e98a73adc > gmail > walls.vbs