Technical Information
Malicious functions:
Executes the following:
- '<SYSTEM32>\tasklist.exe'
Modifies file system:
Deletes itself.
Network activity:
Connects to:
- 'do###.0dns.pw':8080
UDP:
- DNS ASK do###.0dns.pw