Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%LOCALAPPDATA%\brashotel.exe",'
- <File name>.exe
- %TEMP%\_pzasrujqiwlyzxbnly.vbs
- %LOCALAPPDATA%\brashotel.exe
- %TEMP%\<File name>.exe
- 'be#.###testmaking.com':74
- DNS ASK be#.###testmaking.com
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\_Pzasrujqiwlyzxbnly.vbs"
- '%TEMP%\<File name>.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%LOCALAPPDATA%\brashotel.exe'' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Set-MpPreference -ExclusionPath C:\,'%LOCALAPPDATA%\brashotel.exe'