General
-
Target
23eb2cd6c5757c60ba8817f82883bf23433edaf1c82b4d44fca2be9637dcfdc0
-
Size
4.0MB
-
Sample
230221-mr2r3see52
-
MD5
784340df8bdf42a33bef9d957939e18c
-
SHA1
ee8fb310c819926a663b9f6c0532831c9fb0f747
-
SHA256
23eb2cd6c5757c60ba8817f82883bf23433edaf1c82b4d44fca2be9637dcfdc0
-
SHA512
4e2eae7e1ebe3b1efbecdcc927fd4c15d785a03044bcb6152c8e4d9b69456ed9d3fc297f14c0cea60589e9167ff801450fc22feb67cee6999f2780040aebdae4
-
SSDEEP
98304:427d+Bg5T7I7Guy6DronwhprKUG0DGFovT6+f:7d+BmZuTF+9266
Static task
static1
Malware Config
Targets
-
Target
23eb2cd6c5757c60ba8817f82883bf23433edaf1c82b4d44fca2be9637dcfdc0
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-