General
Target: ee1a786412ddad028ad6905c23760eb56f928a3622429583690376fc48dcdf43
Size: 4.0MB
Sample: 230221-t5zm7sfe39
MD5: 31aa1200279e97c38a94547e9d6cb182
SHA1: 4c5ad022aee2642a5d38c1aa521dbc0e14cba0c3
SHA256: ee1a786412ddad028ad6905c23760eb56f928a3622429583690376fc48dcdf43
SHA512: fd5d666f6e1f893ab610d148f1eb8b639f95c29acac14cda097af04d885ae8c3ca754bcdbbcecc70e6ecd97b150b44e5c4ea55e6e06d6846d551fac7fc12eb0d
SSDEEP: 98304:tfVSxIPdgd8feRQZUKSroRj6k6LDLp1LM66:tfIxQ2ufeR//rXkIh1LM66
Static task
static1
Malware Config
Targets
Glupteba payload
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2