General
-
Target
74f241669a4f9826e2445d6affa29e9905029904096bf3a98736c5e48f30ca42
-
Size
4.1MB
-
Sample
230326-ntqy2agd38
-
MD5
a4578b5d8e42ba12395dda73a61693e7
-
SHA1
c4c2f04472c00578c76390c7d184ab048256bbd6
-
SHA256
74f241669a4f9826e2445d6affa29e9905029904096bf3a98736c5e48f30ca42
-
SHA512
2af73a146d65b95a959d2a2d07bbb32d48b45097dabc16671895f7212538080b569f673e09a0f5d68ab5b97336274e9a72fa202f9ef45a62cdf73626d5300421
-
SSDEEP
98304:ViGIF0rUD4kkX5/Z9a3jHzxa0o1kMvnM4CI:AGImQDTORZiH+1kMfM4CI
Static task
static1
Malware Config
Targets
-
-
Target
74f241669a4f9826e2445d6affa29e9905029904096bf3a98736c5e48f30ca42
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-