General
Target: fbaed9043b1f127b1316d75b88efdc96c09f7c64d68a41b8d186aa8786f4c307
Size: 4.1MB
Sample: 230327-h3jnescc27
MD5: 8ada64e6951a01df47c2ff3c93423cc3
SHA1: da13e13045aa47af92e7e2d9afd66ccddf56f462
SHA256: fbaed9043b1f127b1316d75b88efdc96c09f7c64d68a41b8d186aa8786f4c307
SHA512: 1ffdd65403b39b736d27c10d0289050326f219eab954ec80debe5b343f29916bf0db6cbcbb8d2aa523a7fac54dc6379ff32c4d04da4ee64770b9834a9f35e272
SSDEEP: 98304:RoMmPIQ9IGp28zSklnOADT2j7ssfIRg4gKH3qt4:qRIQ9I6z9CjYsfIRg4nH3qt4

Static task: static1

Malware Config
Targets
Target: fbaed9043b1f127b1316d75b88efdc96c09f7c64d68a41b8d186aa8786f4c307
Signatures:
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext