General
Target: 854a1da8b30c4344562f94dc148d1255f132d1c12577c179596ba06bf1d3a4ea
Size: 4.0MB
Sample: 230220-t5h1fsdd6x
MD5: ad7248077fe9cac4b29f6a07364cb45b
SHA1: 9e1f1b1a80c3ca19084a9cd063a8d3548057efdc
SHA256: 854a1da8b30c4344562f94dc148d1255f132d1c12577c179596ba06bf1d3a4ea
SHA512: cb13397ef42ed5977eb8aab3694a0ad2b28847cea1f260bf671fe039fff9256b342362c0c78f4853e2e8399819934a660279ca3441a2f7408057879d896d9a98
SSDEEP: 98304:WMl1bCfev7JhW3xrkcITFff9vNIhakZJD/2+uwX74Glz:jjW3pkhFfFsakZJDuiL4GF
Static task
static1
Malware Config
Targets
Target
854a1da8b30c4344562f94dc148d1255f132d1c12577c179596ba06bf1d3a4ea
Glupteba payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.