Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\windowsdefender.lnk
- <Current directory>\msp.zip
- %HOMEPATH%\documents\msp\stealer.exe
- %HOMEPATH%\documents\msp\fiddlercore45.dll
- %HOMEPATH%\documents\msp\fluorinefx.client.dll
- %HOMEPATH%\documents\msp\newtonsoft.json.dll
- <Current directory>\msp.zip
- 'su###e.ct8.pl':80
- http://su###e.ct8.pl/stealer.zip
- DNS ASK su###e.ct8.pl
- '%HOMEPATH%\documents\msp\stealer.exe'