Technical Information
- <SYSTEM32>\tasks\vibo
- %APPDATA%\malicious.exe
- 'ha###.hopto.org':1111
- DNS ASK ha###.hopto.org
- '%APPDATA%\malicious.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "vibo" /tr "%APPDATA%\Malicious.exe" (with hidden window)
- '%APPDATA%\malicious.exe' (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc minute /mo 1 /tn "vibo" /tr "%APPDATA%\Malicious.exe"
- '<SYSTEM32>\taskeng.exe' {2506784F-F294-4139-974E-10AF99CC00DF} S-1-5-21-1960123792-2022915161-3775307078-1001:wrjqfv\user:Interactive:[1]