This needs more verification.

* The filename remained static during analysis.
* The original malware exe (ex.

Analysis Observations:

* It sets up persistence by creating a Scheduled Task with the following characteristics:
  * Name: Update
  * Trigger: At Log on
  * Action: %LocalAppData%\$Example\\waroupada.exe /i
  * Conditions: Stop if the computer ceases to be idle.
* The sub-directory within %LocalAppData% appears to be randomly picked from the list of directories within %ProgramFiles%.
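A triage check for the task pattern described above, as an added example that is not part of the original analysis: it parses exported Task Scheduler XML and flags logon-triggered tasks that run an executable from a sub-directory of %LocalAppData% named after a Program Files directory. The sample task XML, the user name `alice` and the `7-Zip` directory are constructed for illustration; the helper names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# <profile>\AppData\Local\<subdir>\<file>.exe or %LocalAppData%\<subdir>\<file>.exe
LOCAL_EXE = re.compile(
    r"(?:%localappdata%|\\appdata\\local)\\([^\\]+)\\[^\\]+\.exe$", re.I)

def _task(command):
    """Build constructed sample task XML (illustrative, not captured output)."""
    return (r'<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
            r'<Triggers><LogonTrigger/></Triggers><Settings><IdleSettings>'
            r'<StopOnIdleEnd>true</StopOnIdleEnd></IdleSettings></Settings>'
            r'<Actions><Exec><Command>' + command + r'</Command>'
            r'<Arguments>/i</Arguments></Exec></Actions></Task>')

SAMPLE_TASK = _task(r"C:\Users\alice\AppData\Local\7-Zip\waroupada.exe")
BENIGN_TASK = _task(r"C:\Program Files\7-Zip\7zFM.exe")

def suspicious_task(task_xml, program_files_dirs):
    """Return the reasons a task matches the persistence pattern, or []."""
    root = ET.fromstring(task_xml)
    if root.find("t:Triggers/t:LogonTrigger", NS) is None:
        return []  # the described task fires at log on
    known = {d.lower() for d in program_files_dirs}
    reasons = []
    for cmd in root.iterfind("t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"')
        m = LOCAL_EXE.search(path)
        if not m:
            continue
        reasons.append("logon-triggered exe under LocalAppData: " + path)
        if m.group(1).lower() in known:
            reasons.append("sub-directory borrows a Program Files name: " + m.group(1))
    idle = root.findtext("t:Settings/t:IdleSettings/t:StopOnIdleEnd", "", NS)
    if reasons and idle.lower() == "true":
        reasons.append("stops when the computer ceases to be idle")
    return reasons

if __name__ == "__main__":
    # In practice program_files_dirs would be the directory listing of %ProgramFiles%.
    for reason in suspicious_task(SAMPLE_TASK, ["7-Zip", "Windows Defender"]):
        print(reason)
```

Legitimate per-user software also runs from %LocalAppData%, so treat a hit as a lead for review; the Program Files name overlap is the more specific signal.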