Technical Information
To ensure autorun and distribution
Creates or modifies the following files
- %APPDATA%\microsoft\windows\start menu\programs\startup\<File name>.js
Modifies file system
Creates the following files
- unc\zxsszvu*\mailslot\net\netlogon
Network activity
Connects to
- 'ra#.####ubusercontent.com':443
- 'ip##fo.io':80
- 'ip##fo.io':443
- 'localhost':80
TCP
HTTP GET requests
- http://ip##fo.io/ip
- http://ip##fo.io/country
Other
- 'ra#.####ubusercontent.com':443
- 'ip##fo.io':443
UDP
- DNS ASK ra#.####ubusercontent.com
- DNS ASK ip##fo.io
Miscellaneous
Executes the following
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\rad7CAE0.tmp"
- '<SYSTEM32>\net.exe' view
- '<SYSTEM32>\cmd.exe' /C net view > "%TEMP%\rad7CAE0.tmp"' (with hidden window)
