General
- Target: ffb75ca079ac5817ce37209f406a405b2e790bae9f4736a404fb7117bd2eab78
- Size: 4.0MB
- Sample: 230221-qtpr3sgg7x
- MD5: 54501e35aca6c5ffacd576b4a37365ba
- SHA1: 559c2a4507a00ec7924c24733a3a23012a1c04f0
- SHA256: ffb75ca079ac5817ce37209f406a405b2e790bae9f4736a404fb7117bd2eab78
- SHA512: 23cf71f1d923fec250d05b8195efac394acbc17369eb56b56ed82be819122e12ad5a3ac3d74035f1f12f77abe3ad3190fac1cd47b8bfca255ebba65eabb679a5
- SSDEEP: 98304:Wm8CHjWaEcjRJvKu0c/46HDQ3AxwdI/SXYDX:WuHqcVJCc/t1x5
Static task: static1
Malware Config
Targets
- Target: ffb75ca079ac5817ce37209f406a405b2e790bae9f4736a404fb7117bd2eab78
- Size: 4.0MB
- MD5: 54501e35aca6c5ffacd576b4a37365ba
- SHA1: 559c2a4507a00ec7924c24733a3a23012a1c04f0
- SHA256: ffb75ca079ac5817ce37209f406a405b2e790bae9f4736a404fb7117bd2eab78
- SHA512: 23cf71f1d923fec250d05b8195efac394acbc17369eb56b56ed82be819122e12ad5a3ac3d74035f1f12f77abe3ad3190fac1cd47b8bfca255ebba65eabb679a5
- SSDEEP: 98304:Wm8CHjWaEcjRJvKu0c/46HDQ3AxwdI/SXYDX:WuHqcVJCc/t1x5
Signatures
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2