Malicious
Malicious

1ecf8888f6a7f128449d8d008e142dc4

VBScript
|
MD5: 1ecf8888f6a7f128449d8d008e142dc4
|
Size: 193.51 KB
|
text/vbscript

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
1ecf8888f6a7f128449d8d008e142dc4
Sha1
87eba8b9ab8988d6969a41528cbdf04d4b79a67b
Sha256
9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3
Sha384
15ab8a301a71bcd2d412d6d0833b0930beeb79a0f688a15c851b8332dcc80cf332b1aea3d773039397f850cf33a3e02c
Sha512
d50ee7df20703b88ba94cb2a56dd912e5bc9345e505b2c586d470a067fcbda151680229b89fd0a62bf2ed7110d64b0de53fba23dac224ef98d01a98a208dafbb
SSDeep
3072:wibzj5goRfSUPjNf2AoR63n/+M3LV4HTdUDWTmMP4xP2IIoOX:wibf5gofScRAR6XGKCHTdUDtMPqPyR
TLSH
D8149E2A5E8931288BBA534296DE3C8567D2234A7A734C8EB40DD0CDC5FB5E4E6CD07D
File Structure
1ecf8888f6a7f128449d8d008e142dc4
Malicious
[Base64-Block@0x0000328E]
[Base64-Block-Decoded]
Malicious
Artefacts
Name
 Value
URLs in VB Code - #1

http://185.168.208.228
URLs in VB Code - #2

https://long-king-02b7.5ekz2z6pjk.workers.dev
URLs in VB Code - #3

https://che
URLs in VB Code - #4

https://check-ho
URLs in VB Code - #5

https://check-host
URLs in VB Code - #6

https://check-host.net/
URLs in VB Code - #7

https://check-host.net/ip
URLs in VB Code - #8

https://check-host.net/ip-in
URLs in VB Code - #9

https://check-host.net/ip-info
URLs in VB Code - #10

https://check-host.net/ip-info?ho
URLs in VB Code - #11

https://check-host.net/ip-info?host=
URLs in VB Code - #12

https://check-host.net/ip-info?host=tillthesunrise.sytes.net
1ecf8888f6a7f128449d8d008e142dc4 (193.51 KB)
File Structure
1ecf8888f6a7f128449d8d008e142dc4
Malicious
[Base64-Block@0x0000328E]
[Base64-Block-Decoded]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

http://185.168.208.228

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #2

https://long-king-02b7.5ekz2z6pjk.workers.dev

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #3

https://che

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #4

https://check-ho

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #5

https://check-host

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #6

https://check-host.net/

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #7

https://check-host.net/ip

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #8

https://check-host.net/ip-in

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #9

https://check-host.net/ip-info

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #10

https://check-host.net/ip-info?ho

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #11

https://check-host.net/ip-info?host=

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
URLs in VB Code - #12

https://check-host.net/ip-info?host=tillthesunrise.sytes.net

1ecf8888f6a7f128449d8d008e142dc4 > [Base64-Block@0x0000328E] > [Base64-Block-Decoded]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙