This sample was shared by a user on Twitter (Malwr link).

On decoding, the script looks like this:
The above script first performs a UAC elevation and then proceeds to download the malware. Before the download, the script changes the DNS entries of the local machine using "SetDNSServerSearchOrder" on each and every network adapter. Interesting!
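An added example (not part of the original post or the analysed script) for checking a machine for this kind of tampering: it reads the same WMI property the script overwrites, DNSServerSearchOrder on every IP-enabled adapter, flags servers that are not on an allow-list, and resets a flagged adapter back to DHCP-supplied DNS. The resolver addresses in $ExpectedDns are placeholders.

```powershell
# Audit each IP-enabled adapter's DNSServerSearchOrder (the property the decoded
# script sets via SetDNSServerSearchOrder) against a list of approved resolvers.
function Get-RogueDnsConfig {
    param(
        # Placeholder resolvers; replace with the DNS servers your network hands out.
        [string[]]$ExpectedDns = @('10.0.0.53', '10.0.0.54')
    )
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $servers    = @($_.DNSServerSearchOrder)
            $unexpected = @($servers | Where-Object { $_ -and ($ExpectedDns -notcontains $_) })
            if ($unexpected.Count -gt 0) {
                [pscustomobject]@{
                    InterfaceIndex = $_.InterfaceIndex
                    Adapter        = $_.Description
                    DHCPEnabled    = $_.DHCPEnabled      # static DNS on a DHCP adapter is a strong hint
                    DnsServers     = ($servers -join ', ')
                    Unexpected     = ($unexpected -join ', ')
                }
            }
        }
}

# Remediation: clear the static search order so the adapter goes back to
# DHCP-assigned DNS (DnsClient module, Windows 8 / Server 2012 and later).
function Reset-AdapterDns {
    param([Parameter(Mandatory)][int]$InterfaceIndex)
    Set-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -ResetServerAddresses
    Get-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -AddressFamily IPv4
}

# Usage: list suspicious adapters, then reset the ones you confirm as tampered.
$hits = Get-RogueDnsConfig
$hits | Format-Table -AutoSize
foreach ($h in $hits) { Reset-AdapterDns -InterfaceIndex $h.InterfaceIndex }
```

Run the audit in an elevated session so all adapters are visible; pairing it with a Sysmon or WMI-activity log of who called SetDNSServerSearchOrder gives the timeline of the change.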
Whois information about the host from "whoisdomaintools.com".