Technical Information
- de5523dd.exe
- %TEMP%\de5523dd.exe
- %TEMP%\user.json
- 'ip##fo.io':80
- '80.#8.24.75':80
- http://80.#8.24.75/SFeg23dErEf/index.php?co##############
- DNS ASK ip##fo.io
- '%TEMP%\de5523dd.exe'
- '%TEMP%\de5523dd.exe' /scomma %TEMP%\sample.txt
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%TEMP%\DE5523DD.exe';Start-Sleep -s 10;Start-Process '%TEMP%\DE5523DD.exe'' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Copy-Item -Path '<Full path to file>' -Destination '%TEMP%\DE5523DD.exe';Start-Sleep -s 10;Start-Process '%TEMP%\DE5523DD.exe'