|
Hash | Hash Value |
|---|---|
| MD5 | 5c057af2f358fc10107d5ccdb39938ad
|
| Sha1 | e2e8516b4f275e8c636620b7377ee3b9f9f47bb0
|
| Sha256 | 2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5
|
| Sha384 | 0b925c1e92d318917000c573960a9abd62515694b5f3142116192917ccfa8a1b91afaf58e94629fed3eccc1b8517669a
|
| Sha512 | c5f0e6e1f69b686c8ffbb950c2b0120232b929df33c1041a392e14220cc29604befc23e19a06234c0594ae2eb00c747e56117298de50940b4a20b9f329a58cfb
|
| SSDeep | 24576:5NOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/e:vOmVv+bD+1X29WKwE/
|
| TLSH | 41352314FCA42B1FC60B1F32550BDA513FED6D42DF7150636328B2996A373B1BAD206A
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | powershell "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, "tango_utility84.ps1") " run "PowerShell" "hidden" shell.run "powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File "" & psscript & @(""", 0, [Unmanaged(ErrorExpressionAst)] ,) false |
| Deobfuscated PowerShell | "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, " tango_utility84.ps1) run "PowerShell" "hidden" shell.run @("powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File " & psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] ] , false |
| Deobfuscated PowerShell | psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ] "false" |
| Deobfuscated PowerShell | psscript & "", 0, [Unmanaged(ErrorExpressionAst)] ,) false" |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | powershell "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, "tango_utility84.ps1") " run "PowerShell" "hidden" shell.run "powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File "" & psscript & @(""", 0, [Unmanaged(ErrorExpressionAst)] ,) false Malicious |
5c057af2f358fc10107d5ccdb39938ad > Root Entry > 䄧䄷䆾䅤 > VbsFile > [PowerShell Command] |
| Deobfuscated PowerShell | "script" "hidden" set "shell" "=" "CreateObject" "WScript.Shell" set "fso" "=" "CreateObject" "Scripting.FileSystemObject" " Get script directory scriptDir = fso.GetParentFolderName(WScript.ScriptFullName) psScript = fso.BuildPath(scriptDir, " tango_utility84.ps1) run "PowerShell" "hidden" shell.run @("powershell -NoProfile -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -File " & psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] ] , false Malicious |
5c057af2f358fc10107d5ccdb39938ad > Root Entry > 䄧䄷䆾䅤 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | psscript & @("", 0, "[Unmanaged") (errorexpressionast) [Unmanaged(ErrorExpressionAst)] [Unmanaged(ErrorExpressionAst)] ] "false" Malicious |
5c057af2f358fc10107d5ccdb39938ad > Root Entry > 䄧䄷䆾䅤 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | psscript & "", 0, [Unmanaged(ErrorExpressionAst)] ,) false" Malicious |
5c057af2f358fc10107d5ccdb39938ad > Root Entry > 䄧䄷䆾䅤 > VbsFile > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] > [PowerShell Command] |