Technical Information
- %TEMP%\inject_dll.dll
- %TEMP%\local_host.dll
- %TEMP%\_assist_config.json
- %TEMP%\_tmp.bat
- %TEMP%\_assist_config.json
- from <Full path to file> to %TEMP%\_tmp_<File name>.exe
- DNS ASK sa##.97myj.com
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\_tmp.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\_tmp.bat" "