Technical Information
Modifies file system
Creates the following files
- %TEMP%\kiqrojoof.js
- %TEMP%\yszgxds_2711.exe
Network activity
TCP
HTTP GET requests
- http://le######erryconsulting.com/gXTND7
- http://am##sur.com/sJIEQB
- http://li##ion.net/9cRXIl
- http://no#####likejones.com/hati3x
- http://ma#####iproperties.com/pQIJGB
- http://re#####antjobs.co.uk/9cgwZ5
- http://re#####antjobs.co.uk/9cgwZ5/
- http://ri####ncoperu.org/B3AlqT
- http://pg####unitycab.com/FAlx1b
- http://ha##mee.com/hIPTXx
- http://li##roup.ru/vV9c7l
- http://qu#####anieriviste.com/WIKuLk
- http://mo##.org.mk/oiNWQ0
- http://po###loki.ru/nbTURt
- http://po###loki.ru/404
UDP
- DNS ASK le######erryconsulting.com
- DNS ASK pa###.heutagon.com
- DNS ASK qu#####anieriviste.com
- DNS ASK al###zatrio.com
- DNS ASK li##roup.ru
- DNS ASK me##kino.ru
- DNS ASK mi#######press-randburg.co.za
- DNS ASK ha##mee.com
- DNS ASK ba####nhatrang.xyz
- DNS ASK pg####unitycab.com
- DNS ASK la###umano.cl
- DNS ASK ri####ncoperu.org
- DNS ASK ma####nkostyle.net
- DNS ASK am####-concerts.de
- DNS ASK bi#####prservices.com
- DNS ASK ca##le78.it
- DNS ASK re#####antjobs.co.uk
- DNS ASK re#####.motociclismo.es
- DNS ASK ma#####iproperties.com
- DNS ASK no#####likejones.com
- DNS ASK li##ion.net
- DNS ASK am##sur.com
- DNS ASK be###basol.com
- DNS ASK ak##rd.com
- DNS ASK mo##.org.mk
- DNS ASK po###loki.ru
Miscellaneous
Creates and executes the following
- '<SYSTEM32>\wscript.exe' %TEMP%\kIQROjooF.js
