General
-
Target
9c11327c65e320e8f9f5b1f85a4df2a30648315fb218a7dde34df4074f54747a
-
Size
4.1MB
-
Sample
230326-zgaxtsaa24
-
MD5
77bf66663cac3e86378049c5c24aa280
-
SHA1
d7dc5933db05693a6a66fac086a9053991b4789a
-
SHA256
9c11327c65e320e8f9f5b1f85a4df2a30648315fb218a7dde34df4074f54747a
-
SHA512
a6367518b6ef1ae5c18239e34294d0e747173499df0878758a2b437db753ca91c6885db552949db047e0c30c967b6bd9320f958fb4f03728c58b65b0e302cdf2
-
SSDEEP
98304:21Mvy3BUmqtAP5v+7QhtPwaHYVYBSKkUTO/7Tfa2:21TUFSF+7QzZzBSKdTqbJ
Static task
static1
Malware Config
Targets
-
Target
9c11327c65e320e8f9f5b1f85a4df2a30648315fb218a7dde34df4074f54747a
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-