Artifact 1b469eb6982068c97e07c15fb5e59092f227c43415bd04839f41a997c63ed3d2:
- File PowerShell-CrytpoLocker.ps1 — part of check-in [ff7d7fe597] at 2018-06-10 14:04:21 on branch trunk — This is from a spam message. Trying to do some analysis on this but I’m a noob. Thought others might find this interesting. Work through the malicious PS code and figure out what it does, then blog about it. The file came from http://instamailserver.link/finito.ps1. I’d be interested in what you find/decode. Hit me up on twitter.com/madtomvane if you have more questions. (user: MadTomVane size: 8880)
A hex dump of this file is not available. Please download the raw binary file and generate a hex dump yourself.