“The next step is it will set a timed procedure to try and delete the encrypted files in the directories listed below, deleting the files every two hours in the following order: %userprofile%\Pictures, %userprofile%\Desktop and %userprofile%\Documents,” the researchers wrote.

At the same time, it starts using LimeUSB_Csharp.exe to infect USB drives if they exist. It also monitors for Taskmgr, Procmon64 and ProcessHacker, which could interrupt its processes. Once the payload is executed, it connects to a command-and-control (C2) server and disables Windows Defender and UAC through a registry tweak.
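The behaviours described above can be hunted for in endpoint telemetry. The following is an added example, not code from the researchers or the original post: it triages Sysmon-style process-creation (ID 1) and registry value-set (ID 13) events. The post does not name the registry values involved, so the example assumes the standard Windows settings `DisableAntiSpyware` and `EnableLUA`; the event records and file paths are constructed.

```python
import re

# Image name taken from the post.
USB_SPREADER = "limeusb_csharp.exe"

# Assumption: the post does not say which registry values are changed.
# These are the standard Windows settings for the Defender policy switch
# and for UAC, mapped to (finding name, value that weakens the host).
TAMPER_VALUES = {
    r"\software\policies\microsoft\windows defender\disableantispyware": ("defender_disabled", 1),
    r"\software\microsoft\windows\currentversion\policies\system\enablelua": ("uac_disabled", 0),
}

def parse_dword(details):
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return the int or None."""
    m = re.search(r"DWORD \(0x([0-9a-fA-F]+)\)", details)
    return int(m.group(1), 16) if m else None

def triage(events):
    """Return (finding, responsible image) pairs for the behaviours in the post."""
    findings = []
    for ev in events:
        if ev["event_id"] == 1:  # process creation
            name = ev["image"].rsplit("\\", 1)[-1].lower()
            if name == USB_SPREADER:
                findings.append(("usb_spreader_started", ev["image"]))
        elif ev["event_id"] == 13:  # registry value set
            target = ev["target_object"].lower()
            for suffix, (finding, bad_value) in TAMPER_VALUES.items():
                # Only flag the write when it sets the weakening value.
                if target.endswith(suffix) and parse_dword(ev["details"]) == bad_value:
                    findings.append((finding, ev["image"]))
    return findings

# Constructed sample events (paths and process names are placeholders).
PAYLOAD = r"C:\Users\lab\AppData\Roaming\payload.exe"
SPREADER = r"C:\Users\lab\AppData\Roaming\LimeUSB_Csharp.exe"
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"
SAMPLE_EVENTS = [
    {"event_id": 13, "image": PAYLOAD, "details": "DWORD (0x00000001)",
     "target_object": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"event_id": 13, "image": PAYLOAD, "details": "DWORD (0x00000000)", "target_object": UAC_KEY},
    # Benign: UAC left enabled, must not be flagged.
    {"event_id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "details": "DWORD (0x00000001)", "target_object": UAC_KEY},
    {"event_id": 1, "image": SPREADER},
]

if __name__ == "__main__":
    for finding, image in triage(SAMPLE_EVENTS):
        print(f"{finding}: {image}")
```

Both registry findings attributed to the same non-system image, followed by the USB spreader starting, is a stronger signal than any single event on its own.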