Technical Information
Modifies file system
Creates the following files
- %TEMP%\qkuwxtbhr.js
- %TEMP%\segrfvd_94906.exe
- %TEMP%\segrfvd_36985.exe
Network activity
TCP
HTTP GET requests
- http://kv####vaya-lampa.ru/fC9qZW
- http://no##sys.com/EwX0sO
- http://an####vazquez.net/1UaAWY
- http://mo##.org.mk/oiNWQ0
- http://mu###mdate.com/mlB3PW
- http://pr#####toglass.co.nz/wMcW5Z
- http://ma###-ce.com/n859VM
- http://po###loki.ru/nbTURt
- http://pu####afacile.it/JvZ9cX
- http://re#####antjobs.co.uk/9cgwZ5
- http://ki##off.ru/WNwvki
- http://ro###arita.com/5NmH3b
- http://10###nsult.com/zZVPJj
- http://li##ion.net/9cRXIl
- http://ha##mee.com/hIPTXx
- http://re#####antjobs.co.uk/9cgwZ5/
- http://po###loki.ru/404
UDP
- DNS ASK kv####vaya-lampa.ru
- DNS ASK mi#######press-randburg.co.za
- DNS ASK ca##le78.it
- DNS ASK an####vazquez.net
- DNS ASK mo##.org.mk
- DNS ASK mu###mdate.com
- DNS ASK ak##rd.com
- DNS ASK pr#####toglass.co.nz
- DNS ASK ma###-ce.com
- DNS ASK pu####afacile.it
- DNS ASK re#####antjobs.co.uk
- DNS ASK ki##off.ru
- DNS ASK ba####nhatrang.xyz
- DNS ASK ro###arita.com
- DNS ASK je###mpiotr.pl
- DNS ASK be##v24.ru
- DNS ASK 10###nsult.com
- DNS ASK li##ion.net
- DNS ASK ha##mee.com
- DNS ASK ar####qayler.com
- DNS ASK no##sys.com
- DNS ASK po###loki.ru
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\wscript.exe' %TEMP%\qKuWXTbHR.js
