General
Target: 8ee8b8c8a0c38af1e40ab4bc5eb7979f9e5771c0b043d682fc70d302bc0800eb
Size: 4.0MB
Sample: 230221-mqzlbsee48
MD5: 32abee7170ba293ccc198fb840c19ae4
SHA1: cd0f8a58e4c47ece9ae9bb4bb4df5831a8714e55
SHA256: 8ee8b8c8a0c38af1e40ab4bc5eb7979f9e5771c0b043d682fc70d302bc0800eb
SHA512: 999bb60b3b350146f625bde24d20efaacb0a001f9517d8a6e10d01520cd75054c73fa6147961153deb075d929f9815736c18bf9e38f71355b6749b4e69abcf7d
SSDEEP: 98304:427d+Bg5T7I7Guy6DronwhprKUG0DGFovT6+q:7d+BmZuTF+926P
Static task: static1
Malware Config
Targets
Target: 8ee8b8c8a0c38af1e40ab4bc5eb7979f9e5771c0b043d682fc70d302bc0800eb
Size: 4.0MB
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
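The behavioural signatures listed above, turned into a small triage check as an added example (this is not part of the report and not the sandbox's own rule logic): it walks a per-process behaviour trace and maps events onto four of the listed signatures (dropped EXE execution, Run key persistence, Uninstall key enumeration, firewall modification), returning the evidence for each. The trace format, event kinds, paths, registry keys and command lines are all constructed for illustration; the regular expressions are generic patterns, not the sandbox's detection rules.

```python
"""Map a process behaviour trace onto the signatures named in the report.

Everything here is an added, illustrative example: the trace schema
(kind / pid / path / key / cmdline) and all sample values are constructed
and are not events recorded from the sandbox run on the page.
"""
import re

# Autostart keys under HKCU/HKLM: a write here is Run-key persistence.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# The Uninstall key (or any subkey): opening it enumerates installed software.
UNINSTALL_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Common command-line routes to firewall changes (assumed patterns, not the sandbox's).
FIREWALL_CMD = re.compile(
    r"\bnetsh(\.exe)?\b.*\bfirewall\b|New-NetFirewallRule|Set-NetFirewallProfile", re.I)

# Constructed trace. Event kinds: file_write, process, reg_write, reg_open.
TRACE = [
    {"kind": "file_write", "pid": 4242, "path": r"C:\Users\u\AppData\Roaming\svc\svc.exe"},
    # Image path deliberately differs in case from the dropped path above.
    {"kind": "process", "pid": 5100, "ppid": 4242,
     "image": r"C:\Users\u\AppData\Roaming\SVC\svc.exe",
     "cmdline": r"C:\Users\u\AppData\Roaming\SVC\svc.exe"},
    {"kind": "reg_write", "pid": 5100,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\u\AppData\Roaming\svc\svc.exe"},
    {"kind": "reg_open", "pid": 5100,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"kind": "reg_open", "pid": 5100,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "process", "pid": 5200, "ppid": 5100,
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                r'program="C:\Users\u\AppData\Roaming\svc\svc.exe"'},
    # Unrelated key read: must not trigger the Uninstall signature.
    {"kind": "reg_open", "pid": 5100, "key": r"HKLM\Software\Microsoft\Windows NT\CurrentVersion"},
]


def match_signatures(trace):
    """Return {signature name: [evidence, ...]} for the behaviours the report lists.

    File writes are tracked first so that a later process event whose image is
    one of the written .exe paths counts as execution of a dropped EXE.
    Path comparison is case-insensitive, as on NTFS.
    """
    dropped = set()   # lowercase paths of .exe files written during the trace
    hits = {}

    def add(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for ev in trace:
        kind = ev["kind"]
        if kind == "file_write" and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        elif kind == "process":
            if ev["image"].lower() in dropped:
                add("Executes dropped EXE", ev["image"])
            if FIREWALL_CMD.search(ev["cmdline"]):
                add("Modifies Windows Firewall", ev["cmdline"])
        elif kind == "reg_write" and RUN_KEY.search(ev["key"]):
            persisted = ev["value"].lower() in dropped
            add("Adds Run key to start application",
                f"{ev['key']} = {ev['value']}" + (" (points at dropped EXE)" if persisted else ""))
        elif kind == "reg_open" and UNINSTALL_KEY.search(ev["key"]):
            add("Checks installed software on the system", ev["key"])
    return hits


def signature_names(trace):
    """Sorted list of signature names that fired, for a one-line summary."""
    return sorted(match_signatures(trace))


if __name__ == "__main__":
    for sig, evidence in match_signatures(TRACE).items():
        print(sig)
        for line in evidence:
            print("   ", line)
```

The Run key evidence is annotated when the autostart value points at a file the same trace wrote, which ties the persistence signature to the dropped-EXE signature; the Uninstall check fires on the key itself or any subkey, since either access is part of enumerating installed software.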