Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\msiexec.exe'
Injects code into
the following system processes:
- <SYSTEM32>\msiexec.exe
Modifies file system:
Creates the following files:
- %TEMP%\902592084
- %TEMP%\nsv2.tmp
Network activity:
Connects to:
- 'se#####yinformation.ws':80
- 'ca####e24hrs.com':80
- 'bi###ectis.com':80
- 'ca####torezone.com':80
- 'bb####ersget.com':80
- 'co###ooter.com':80
- 'jp###rtcert.com':80
- 'as###buzzze.com':80
- 'pr####pstocks.net':80
- 'pr###kktc.com':80
- '20#.#6.232.182':80
- 'br###ses.com':80
- 'pr###bot.net':80
- 'bl###tocket.com':80
- 'bi###mise.com':80
UDP:
- DNS ASK se#####yinformation.ws
- DNS ASK ca####e24hrs.com
- DNS ASK bi###ectis.com
- DNS ASK ca####torezone.com
- DNS ASK bb####ersget.com
- DNS ASK co###ooter.com
- DNS ASK jp###rtcert.com
- DNS ASK as###buzzze.com
- DNS ASK pr####pstocks.net
- DNS ASK pr###kktc.com
- DNS ASK microsoft.com
- DNS ASK br###ses.com
- DNS ASK pr###bot.net
- DNS ASK bl###tocket.com
- DNS ASK bi###mise.com
