General
- Target: dbd4cf3a7e8ceb4be47b316e889fd48d7bca2d15c8f1dfc181c5d9a60753f97b
- Size: 4.0MB
- Sample: 230221-t41twafe36
- MD5: e3357c8791588d8029b6b33dd1900e58
- SHA1: b6d2215cb723bda5fa4db890e9f060ceca91e837
- SHA256: dbd4cf3a7e8ceb4be47b316e889fd48d7bca2d15c8f1dfc181c5d9a60753f97b
- SHA512: 2a3190f38a5108c6839bf3b8bb16aee2f43a952540537cf6711b83dbe44e685b80c91a4fae2b99f86f5ad8a2b12e2be0937b013f1145f535591c1881081bd929
- SSDEEP: 98304:tfVSxIPdgd8feRQZUKSroRj6k6LDLp1LM6A:tfIxQ2ufeR//rXkIh1LM6A
Static task: static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2