Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'botnet' = 'C:\nuts_911\botnet.exe'
- C:\nuts_911\botnet.exe
- 'te##gra.ph':443
- DNS ASK te##gra.ph
- '<SYSTEM32>\cmd.exe' /Q /C attrib +h C:\nuts_911
- '<SYSTEM32>\cmd.exe' /Q /C attrib +h C:\nuts_911\botnet.exe
- '<SYSTEM32>\attrib.exe' +h C:\nuts_911
- '<SYSTEM32>\attrib.exe' +h C:\nuts_911\botnet.exe