Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'qdatem' = 'C:\Users\Public\Documents\Applicationhobip.exe'
- C:\users\public\documents\zy.txt
- C:\users\public\downloads\tcmd.dll
- %TEMP%\<File name>.txt
- C:\users\public\documents\sjsw.log
- C:\users\public\documents\sjwback.dat
- <PATH_SAMPLE>.txt
- from <Full path to file> to C:\users\public\documents\applicationhobip.exe
- '38.##.135.110':80
- 'ka###one.top':3368
- http://38.##.135.110/5555/zy.txt
- http://38.##.135.110/5555/cdyxf.png
- DNS ASK ka###one.top
- '%WINDIR%\syswow64\notepad.exe' %TEMP%\<File name>.txt