General
-
Target
c44f977eec11543ca82ff353024debd41048d405d3c74506bf31c82c77e9f1ff
-
Size
4.0MB
-
Sample
230221-gc7rwsff7v
-
MD5
a202e58546e62f25d026be0876b800a0
-
SHA1
cd20ce6f2424cc87074b6b7ed14169dc7988a010
-
SHA256
c44f977eec11543ca82ff353024debd41048d405d3c74506bf31c82c77e9f1ff
-
SHA512
6c91c539df562c54e4b1241642c3a7fc3b7c7dd22d08964e40fa89f2681f319749bf274ec79b8df7198ff72e341a380ddab15882988684984e28f200855b121e
-
SSDEEP
98304:PX6VzPNrYPjUsmpLnNBadKuqW0H1oJ3LVUSXJeAjvUnC:PXQTSapLNBsKuwuJ3pPXkU7
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-