General
-
Target
abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
-
Size
4.0MB
-
Sample
230221-mv1n7agd4v
-
MD5
9d39777a22c1da64fab574493fffcec8
-
SHA1
4e7cec4defcc30ac55c29f53ccd32d66e7c0bf92
-
SHA256
abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
-
SHA512
a305f38a2d2b9b7e92678c954d3872b176a1aae6dbe74fc24e100188231c2c85cf734016395120c2f4366352cbcd7db60b4f2e9fbec8a7fdf2b62dceeb0fd952
-
SSDEEP
98304:427d+Bg5T7I7Guy6DronwhprKUG0DGFovT6+h:7d+BmZuTF+926Y
Static task
static1
Malware Config
Targets
-
-
Target
abd630954a6e7256d54fc7e64fd17f5bac97dbcf73b9f131f92edab19076b553
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-