General
-
Target
8cc552abaa5626bb8e0f63c876a88ef9c09b25d22f44d44c8c8b133b7885fd4a
-
Size
4.1MB
-
Sample
230326-y7l74sbh4s
-
MD5
c2094f0892ae8c9b5562b413c898d847
-
SHA1
aa1f2134706b28dec552a666601ffca6de18814b
-
SHA256
8cc552abaa5626bb8e0f63c876a88ef9c09b25d22f44d44c8c8b133b7885fd4a
-
SHA512
078b26555b657c67104bfecf0a9c980454a4fe4fe290fa314f78de3e1bfe5f09196cfc058fc441c57a8196b8509be6769b64a2d6c7664783e83d0fdc2a8f8da1
-
SSDEEP
98304:s/3z+q3kCw6T/jJgazfJD3b78JfkS5ao/0O4bwkD:Wn3kVa/jJgazpL7SkS5aoN2
Static task
static1
Malware Config
Targets
-
-
Target
8cc552abaa5626bb8e0f63c876a88ef9c09b25d22f44d44c8c8b133b7885fd4a
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-