| Hash | Hash Value |
|---|---|
| MD5 | 0574d4b7b42c39b918d0d58d149c9438 |
| Sha1 | d5a64154219b788c056f388810ea5c67b0474569 |
| Sha256 | 1480dabe89af53f798ac93d4606d37ad8a1e6938dc054460ed4d8548f5e18d70 |
| Sha384 | a7433d2b12018f10c3e478c1f760ee08dff10d702f1519aeb35b1f6a42d7be573ede5f7c827ba38fd763411b50da69bf |
| Sha512 | 9fff5c8860038991acbfcdeeba4e571ea468f05d5587944b8afcb3b2ba34c2b9069bca03ed2f37a22d9bc3b1e58ce15e39d29ea4adbd93ff8993e7e996e8c082 |
| SSDeep | 24576:yZ2LFcFJTiY8fg0YwtFPS1O3Icb3O6fpAJgMm8aWzy:yMFcF0SYVS1OYOO6BAHJzy |
| TLSH | 863523A66CD64F9FD4C70A39941BCD0CC35FEDCD2287E12BB2197621683673A66871C2 |

| Name0 | Value |
|---|---|
| Deobfuscated PowerShell | powershell "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, "yankee_agent78.ps1") " run "PowerShell" "hidden" shell.run "powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File "" & psscript & @(""", 0, [Unmanaged(ErrorExpressionAst)] ,) false |
| Deobfuscated PowerShell | "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, " yankee_agent78.ps1) run "PowerShell" "hidden" shell.run @("powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File " & psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] ] , false |
| Deobfuscated PowerShell | psscript & "", 0, [Unmanaged(ErrorExpressionAst)] ,) false" |
| Deobfuscated PowerShell | psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ] "false" |

| Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | powershell "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, "yankee_agent78.ps1") " run "PowerShell" "hidden" shell.run "powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File "" & psscript & @(""", 0, [Unmanaged(ErrorExpressionAst)] ,) false Malicious | 0574d4b7b42c39b918d0d58d149c9438 > VbsFile > [PowerShell Command] |
| Deobfuscated PowerShell | "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, " yankee_agent78.ps1) run "PowerShell" "hidden" shell.run @("powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File " & psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] ] , false Malicious | 0574d4b7b42c39b918d0d58d149c9438 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | psscript & "", 0, [Unmanaged(ErrorExpressionAst)] ,) false" Malicious | 0574d4b7b42c39b918d0d58d149c9438 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command] |
| Deobfuscated PowerShell | psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ] "false" Malicious | 0574d4b7b42c39b918d0d58d149c9438 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |