Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Udpate' = '%APPDATA%\swan_tmp\lass.exe'
Malicious functions:
Creates and executes the following:
- '%APPDATA%\swan_tmp\lass.exe'
Modifies file system:
Creates the following files:
- %APPDATA%\swan_tmp\dkl_config.ini
- %APPDATA%\swan_tmp\lass.exe
- <Current directory>\dkl_config.ini
Deletes the following files:
- %APPDATA%\swan_tmp\dkl_config.ini
- <Current directory>\dkl_config.ini
Deletes itself.