General
-
Target
c88245ad15f99ba831f8cbf56036d8a3ad4fd8c8c3bd4881c70bc3db1fae79ed
-
Size
4.1MB
-
Sample
230326-nvanfagd42
-
MD5
e4a1e570dec64ca353504c85c7afcbe1
-
SHA1
86287f990f3f3d9beb39cce33ca81e5faf87d58c
-
SHA256
c88245ad15f99ba831f8cbf56036d8a3ad4fd8c8c3bd4881c70bc3db1fae79ed
-
SHA512
1dc2a391c0c7a97db92e01b0bc72b363f0e2f3dedbc1a3014cc806edabf62df20452077ffcdf3cfa536bfe4e747fc3dc57b4860e7c016f209b7376f36364051e
-
SSDEEP
98304:ViGIF0rUD4kkX5/Z9a3jHzxa0o1kMvnM4CT:AGImQDTORZiH+1kMfM4CT
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2