General
-
Target
cdc3f22f1ddd5202090b253ec12a211e1cb14751fc041d91b1fce37958112df6
-
Size
4.0MB
-
Sample
230220-t9qk4add8z
-
MD5
0b25de784069014025d84dca02c72bee
-
SHA1
c0717ccab97a0ff584dcb352617113274caf4374
-
SHA256
cdc3f22f1ddd5202090b253ec12a211e1cb14751fc041d91b1fce37958112df6
-
SHA512
f19e4aa1225300d5103ad8aa340f58b2011c95a694f62ad3f25a5a33785b6fd1cbc2f1350ac6a3b2c01986d133cbff1b80499be40502413043b3834b7edc59c2
-
SSDEEP
98304:WMl1bCfev7JhW3xrkcITFff9vNIhakZJD/2+uwX74GlG:jjW3pkhFfFsakZJDuiL4GY
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-