Technical Information
Modifies file system
Creates the following files
- %TEMP%\20230916t234329_717.exe
- %TEMP%\20230916t234406_823.exe
Network activity
Connects to
- '20##########329_717.ltiapmyzmjxrvrts.info':80
- '20##########406_823.ltiapmyzmjxrvrts.info':80
- '20##########443_904.ltiapmyzmjxrvrts.info':80
TCP
HTTP GET requests
- http://20##########329_717.ltiapmyzmjxrvrts.info/v4/20230916T234329_717.exe
- http://20##########406_823.ltiapmyzmjxrvrts.info/v4/20230916T234406_823.exe
- http://20##########443_904.ltiapmyzmjxrvrts.info/v4/20230916T234443_904.exe
UDP
- DNS ASK 20##########329_717.ltiapmyzmjxrvrts.info
- DNS ASK 20##########406_823.ltiapmyzmjxrvrts.info
- DNS ASK 20##########443_904.ltiapmyzmjxrvrts.info
Miscellaneous
Creates and executes the following
- '%TEMP%\20230916t234329_717.exe'
- '%TEMP%\20230916t234406_823.exe'
Executes the following
- '<SYSTEM32>\cmd.exe' /c %TEMP%\20230916T234329_717.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\20230916T234406_823.exe
- '<SYSTEM32>\cmd.exe' /c %TEMP%\20230916T234443_904.exe
