Malicious
General
Structural Analysis
Config.0
Yara Rules3
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 3a6e8f87de17d032e3f8cecb5434c97a
|
| Sha1 | 6ab99fdd749e0b942a7392e1a7653fbfe6446121
|
| Sha256 | e6747188115677a5af28a011211333d099797f3d5e1e5aa1ddc7ce5fdd1eaf2e
|
| Sha384 | 16002ef069cff0e6e83c26a1c1eb0f5a375368867447a877621164a7df28a7166d5a04c4bf77c7dc9782eb497931efa8
|
| Sha512 | 1cb4a53a595aa8b3b7aec2f576074d1e7de360e505f021cb23cc739428a48a9cef2bd0523e8fe893474583623122bd3f0b752253a9134391bd2df89185d11f26
|
| SSDeep | 6144:B2fRFJRFRUWmh12TFJdqMu5x0OuAlGuUKw/9wcFZmDQ:BSR7Rzk8ljKx0OUKwG+mc
|
| TLSH | DB4412E2A69B0F25D156B73DF5B40CE629C470A08B636B4063E64D9FBB1E059C07D237
|
File Structure
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:conhost.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Malicious
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.lnk
Archive Entry
LNK
Malicious
LOLBin
LOLBin:conhost.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Malicious
[Lnk Summary]
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| LNK: Command Execution | conhost.exe --headless cmd /k "cmd < ~tmp.pdf:Participation & exit" |
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.zip (259.03 KB)
File Structure
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.zip
Zip Archive
LNK
Malicious
LOLBin
LOLBin:conhost.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Malicious
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.lnk
Archive Entry
LNK
Malicious
LOLBin
LOLBin:conhost.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Malicious
[Lnk Summary]
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | conhost.exe --headless cmd /k "cmd < ~tmp.pdf:Participation & exit" Malicious |
f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.zip > f6c77098906f5634789d7fd7ff294bfd95325d69f1be96be1ee49ff161e07733.lnk |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.