General
-
Target
80b9cb755acd34caaccc7bd4fb8cd7ec81be2d519321e229047df398ad1c01c8
-
Size
4.0MB
-
Sample
230220-yw3eyscc38
-
MD5
5067e357a346d3b1ce031dd227b57ebe
-
SHA1
7f44330de64e3ec03b88ab1565f35c3bc953a630
-
SHA256
80b9cb755acd34caaccc7bd4fb8cd7ec81be2d519321e229047df398ad1c01c8
-
SHA512
9b5500ec90ca9a98ba21eb8a772bbca1809cae7647f613b71148a03d218706c27aab0d0f7991c61f7b98c6cf7b1104b82059f3e22bed65e1a6b294d765622a4e
-
SSDEEP
98304:XiM/QgUZuS/H/9XMAqpyjYrPJPowySaVm1DCPeZyRXWxS:XiZYA1X6g0rRPbtaV+DC5US
Static task
static1
Malware Config
Targets
-
-
Target
80b9cb755acd34caaccc7bd4fb8cd7ec81be2d519321e229047df398ad1c01c8
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-