Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'FIREFOX' = '<Full path to virus>'
- '<SYSTEM32>\wsbctray.exe'
- '<SYSTEM32>\wsbctray.exe' (downloaded from the Internet)
- <SYSTEM32>\wsbctray.tmp
- from <SYSTEM32>\wsbctray.tmp to <SYSTEM32>\wsbctray.exe
- 'localhost':1119
- '20#.#2.89.232':80
- 'sq###.##a.igempresas.net':1433
- 'sq###.##a.igempresas.net':445
- http://20#.#2.89.232/www/testconfig.jpg
- DNS ASK sq###.##a.igempresas.net