Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %WINDIR%\tasks\taskpacing.job
- <SYSTEM32>\tasks\taskpacing
Sets the following service settings
- [<HKLM>\System\CurrentControlSet\Services\Secular Fear] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\Secular Fear] 'ImagePath' = '%APPDATA%\Secular Fear\Secular Fear.exe'
Creates the following services
- 'Secular Fear' %APPDATA%\Secular Fear\Secular Fear.exe
Modifies file system
Creates the following files
- %ALLUSERSPROFILE%\{c8bcf1ac-2ef3-e100-c8bc-cf1ac2efc6b0}\<File name>.exe
- %ALLUSERSPROFILE%\{c8bcf1ac-2ef3-e100-c8bc-cf1ac2efc6b0}\<File name>.dat
- %APPDATA%\secular fear\secular fear.exe
- %APPDATA%\secular fear\2xf.dat
Network activity
Connects to
- 'fi####usapro.info':80
- 'ge####ltiple.link':80
- 'ge####uesee.info':80
UDP
- DNS ASK fi####usapro.info
- DNS ASK al####el-pro.com
- DNS ASK ge####ltiple.link
- DNS ASK ge####uesee.info
Miscellaneous
Creates and executes the following
- '%APPDATA%\secular fear\secular fear.exe'
