General

  • Target

    test.ps1

  • Size

    26KB

  • MD5

    2a680dde29137ba21345b65466e92afb

  • SHA1

    6675e5b0364d01c5a8725352a23c116f72ba2dca

  • SHA256

    da487c7331a5ed00f5d1445fa324a7cd7349242abaeb89d83a806d87478f6e8b

  • SHA512

    2638bd0279a322c070d8216c6a8a6bac452ed69a7961bbb9c69118386c6f8063f8acd53fcf1fc135a3ed0ea2a06f6adf42ff2063a03b32b68621733a46cd3cde

  • SSDEEP

    768:Zd8dfbLmdJL2Y0r4PUSbh2/Z4l7v5SBVFVJV:n8dfbLmdJL2aPUSbhS4TSBxJV

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated

URLs

ps1.dropper

https://raw.githubusercontent.com/ChildrenOfYahweh/Kematian-Stealer/main/frontend-src/injection.js

exe.dropper

https://ptb.discord.com/api/webhooks/1246367579304628234/xjZ3ziBRiFULhyyAlnK0C-0F33-yMdXnd5AHtcTDVDT6kndr4T6MRXIytme0k9vU_m6n

exe.dropper

https://i.imgur.com/DOIYOtp.gif

exe.dropper

https://github.com/ChildrenOfYahweh/Kematian-Stealer/raw/main/frontend-src/blockhosts.ps1

exe.dropper

https://github.com/ChildrenOfYahweh/Kematian-Stealer/raw/main/frontend-src/antivm.ps1

exe.dropper

http://ip-api.com/json

exe.dropper

https://github.com/ChildrenOfYahweh/Kematian-Stealer/raw/main/frontend-src/webcam.ps1

exe.dropper

https://github.com/ChildrenOfYahweh/Kematian-Stealer/raw/main/frontend-src/kematian_shellcode.ps1

Files

  • test.ps1
    .ps1