General
-
Target
d5e6b1d4f8f5ed4736b82eff2a26f91ddafabd91ecef99fafbd976ea5a80fc63
-
Size
4.0MB
-
Sample
230221-mk8xtaee36
-
MD5
de3739d04a96ce38686d2402304c5a24
-
SHA1
96cc07a715587eb9d219d2084cc4930f6b7a421b
-
SHA256
d5e6b1d4f8f5ed4736b82eff2a26f91ddafabd91ecef99fafbd976ea5a80fc63
-
SHA512
7c65e759a1f7f8018563626ba18bc9d3a79b898512106bce7db32ce7ac88914ab29a4957787649b865b73e4066ad53075b1f02cb06e822b7d39c838b370bd3fc
-
SSDEEP
98304:bZSAU52/ToHhsGVOMurwtgMX3tPcGTtpU:bZgM/TizHrNtpU
Static task
static1
Malware Config
Targets
-
-
Target
d5e6b1d4f8f5ed4736b82eff2a26f91ddafabd91ecef99fafbd976ea5a80fc63
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-