General
-
Target
fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
-
Size
4.0MB
-
Sample
230221-vktrwshe4y
-
MD5
f50e60cc80cce290205a7b55ca4d5e84
-
SHA1
b574cf84c6fab4737cfb06efdfffdebc9d23591e
-
SHA256
fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
-
SHA512
f3b1ff500c31b2872e4d8bbf13cda075bba2a37e8124122f5202ea25889ef339d37018f4920cbf3c55f82df40127845c31caf6e22f473142acf1db70a0d80d2a
-
SSDEEP
98304:krwFQ7rbj38ljcSEC+VwnOxOrpk6M4Edwf:krwFQ3GcSAVgOxkOSf
Static task
static1
Malware Config
Targets
-
Target
fd3da27e65a1a213f0f9b4cd8ad6697173170aad8be9318a0f2f07c88ba463dd
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-