Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\x.exe
- <Drive name for removable media>:\.lnk
Modifies file system:
Creates the following files:
- %APPDATA%\Windata\svchost.exe
- %TEMP%\WinSec.vbs
- %TEMP%\Data.txt
Sets the 'hidden' attribute on the following files:
- <Drive name for removable media>:\x.exe
Deletes the following files:
- %TEMP%\Data.txt
Substitutes the following files:
- %TEMP%\Data.txt
Network activity:
Connects to:
- 'ip##i.co':443
- 'sa#####ert.duckdns.org':5454
UDP:
- DNS ASK ip##i.co
- DNS ASK sa#####ert.duckdns.org
Miscellaneous:
Creates and executes the following:
- '<SYSTEM32>\wscript.exe' %TEMP%\WinSec.vbs