Technical Information
- File path: %TEMP%\sbotshot
- URL: http://sh###bot.com/
- DNS query (DNS ASK): sh###bot.com
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' [convert]::ToBase64String((Get-Content %TEMP%\SBOTshot -Encoding byte))
- '%WINDIR%\syswow64\cmd.exe' /c systeminfo
- '%WINDIR%\syswow64\systeminfo.exe'
- '%WINDIR%\syswow64\cmd.exe' /c hostname
- '%WINDIR%\syswow64\hostname.exe'
- '%WINDIR%\syswow64\cmd.exe' /c whoami
- '%WINDIR%\syswow64\whoami.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ipconfig
- '%WINDIR%\syswow64\ipconfig.exe'
- '%WINDIR%\syswow64\cmd.exe' /c ver
- '%WINDIR%\syswow64\cmd.exe' /c powershell [convert]::ToBase64String((Get-Content %TEMP%\SBOTshot -Encoding byte))