Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\driver\usb\Desktop.ini
- <Drive name for removable media>:\driver\usb\WIN_UPDATE_CRYTICAL[KB6564589].exe
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Injects code into the following system processes:
- <SYSTEM32>\svchost.exe
Modifies file system:
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\driver\usb\WIN_UPDATE_CRYTICAL[KB6564589].exe
Network activity:
Connects to:
- '<Private IP address>':445
- '<Private IP address>':80
- '<Private IP address>':139