Details
Description: |
It connects to certain websites to send and receive information.
Installation
It drops the following files:
- {Malware Path}\{Malware Name}.exe:$FILE → contains {Malware Path}\{Malware Name}.exe
- {Malware Path}\{Malware Name}.exe:$GUID → contains /anchor_dns/{Workstation Name}_{Windows Version}.<{32-character long client ID}>/[0-1]/{Content}\xb[0-9]
- {Malware Path}\{Malware Name}.exe:$TASK → contains “{string1} autoupdate#{5 Random Numbers}.xml”
  - {string1} can be any of the folders found in %Application Data%
  - “{string1} autoupdate#{5 Random Numbers}.xml” → a scheduled task that executes the malware sample with parameter -u every fifteenth minute
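A triage check for the artifacts listed above, added here as an example and not part of the original report: it scores an exported scheduled task against the described name pattern, the -u argument and the repeat interval, and filters a stream listing for the $FILE, $GUID and $TASK names. Assumptions: the task is available as Task Scheduler XML, "every fifteenth minute" shows up as a PT15M repetition interval, the `name.exe:$STREAM` notation denotes NTFS alternate data streams, and all function names and sample values are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Windows Task Scheduler XML export format.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# "{string1} autoupdate#{5 Random Numbers}", with or without ".xml".
TASK_NAME = re.compile(r"^(?P<folder>.+) autoupdate#\d{5}(?:\.xml)?$")
STREAM_NAMES = {"$FILE", "$GUID", "$TASK"}

def check_task(name, xml_text, appdata_folders):
    """Return which traits from the report an exported task matches."""
    hits = []
    m = TASK_NAME.match(name)
    if m:
        hits.append("name")
        known = {f.lower() for f in appdata_folders}
        if m.group("folder").lower() in known:
            hits.append("appdata-folder")
    root = ET.fromstring(xml_text)
    args = [(e.text or "").strip()
            for e in root.iterfind(".//t:Actions/t:Exec/t:Arguments", NS)]
    if "-u" in args:
        hits.append("arg-u")
    # Assumption: "every fifteenth minute" appears as a PT15M repetition.
    gaps = [(e.text or "").strip()
            for e in root.iterfind(".//t:Repetition/t:Interval", NS)]
    if "PT15M" in gaps:
        hits.append("repeat-15m")
    return hits

def suspicious_streams(stream_paths):
    """Keep 'file.exe:stream' entries whose stream name is in the report."""
    out = []
    for p in stream_paths:
        path, _, stream = p.rpartition(":")
        if path.lower().endswith(".exe") and stream in STREAM_NAMES:
            out.append(p)
    return out

# Constructed sample input (not taken from a real host).
SAMPLE_XML = """<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<Triggers><TimeTrigger><Repetition><Interval>PT15M</Interval></Repetition></TimeTrigger></Triggers>
<Actions><Exec><Command>C:\\Temp\\sample.exe</Command><Arguments>-u</Arguments></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(check_task("Adobe autoupdate#48213", SAMPLE_XML, ["Adobe", "Microsoft"]))
    print(suspicious_streams([r"C:\Temp\sample.exe:$GUID", r"C:\Temp\setup.exe:Zone.Identifier"]))
```

A task that matches only the argument and interval traits is weak evidence on its own; the name pattern combined with the stream names is the stronger signal.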
Other Details
It connects to the following websites to send and receive information:
- {Obfuscated Message Type + UUID}{Content}.{BLOCKED}ivo.com
  - where Message Type can be any of the following:
    - Type 0 (Sending of Data)
    - Type 1 (Preparation for receival of Data)
    - Type 2 (Receiving of Data)