General
Target: 8b1104c9ca63a0ac592e175347a974599ffd6f9243f53f4cfbc1215be0231355
Size: 4.0MB
Sample: 230221-j72kgaga2z
MD5: 0abf535fb10c740818e32b3a2aac310a
SHA1: a5f869ea789ab85d8adfadf90f61c56c18b236d7
SHA256: 8b1104c9ca63a0ac592e175347a974599ffd6f9243f53f4cfbc1215be0231355
SHA512: b618b0047af0d3c86adc310723d5dce7eb4334a524ea78588a1a768be344e519f2acb3a1bde976c58e6e6571eef4f09143d688b915e5db708ffef952daea7951
SSDEEP: 98304:oOcl/6p/hXvawWDPCW6slvHtwGl4mbc7kkQ8o6l27FqZCt7h3cU:glyhhXyw2PMIvtZ4vBQ2iqZCUU

Static task: static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2