Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\UsbFix.vbs
- <Drive name for removable media>:\UsbFix.bat
- <Drive name for removable media>:\UsbFix.js
- <Drive name for removable media>:\UsbFix.vbe
- <Drive name for removable media>:\Photos.lnk
- <Drive name for removable media>:\USBDRIVE (8GB).lnk
- <Drive name for removable media>:\DCIM.lnk
- <Drive name for removable media>:\Camera.lnk
- <Drive name for removable media>:\RecoverMyFiles.lnk
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /c %Temp%\Updater.exe&del %Temp%\Updater.exe
Modifies file system:
Creates the following files:
- %TEMP%\readme.txt
Network activity:
Connects to:
- 'pa###bin.com':80
TCP:
HTTP GET requests:
- http://pa###bin.com/raw/fp9v0FxW
UDP:
- DNS ASK pa###bin.com
- DNS ASK google.com
