Re: Needs domain admin and can allow you to impersonate any user.
PSEXEC requires you know the password of the user you intend to impersonate, as do many other Windows commands (i.e. Run As), or to have rights to run as the system account which would still how up in the system log, if only until the default purge. This malware does not, so it is not quite the same thing. As far as creating an account with admin privileges and giving it some hard to detect name or AD container, some of us monitor stuff like that. My guess is the point of this malware is that it can be used to target shops that have a high level of paranoia and security procedures to match. It would be very difficult to track it back to its origin even if its fingerprints were found. It could be used to create a significant amount of chaos in highly secure environments by setting different individuals up as bad actors. It's not that these things cannot be accomplished by other means, it's just that this way will be much more effective.
Biting the hand that feeds IT
