General
- Target: 8098683887c5af45cc2e7cd39b2ccb94d00c73c8e447c292c490587b30850018
- Size: 4.1MB
- Sample: 230327-h91khscc58
- MD5: 53007a58d09686ae3f74dd03c4711b94
- SHA1: 2d218aff500a82148833e03edb483763e8bd4271
- SHA256: 8098683887c5af45cc2e7cd39b2ccb94d00c73c8e447c292c490587b30850018
- SHA512: 1ebf7e08aa968b8d8ad0da0c64a116eda6fbe79eeeb1eff303efdb0b8a8d32032358aa561a827fe48086aa9cbac1119773e56d1049cf0ca74c8a3427d2ba460e
- SSDEEP: 98304:RoMmPIQ9IGp28zSklnOADT2j7ssfIRg4gKH3qtX:qRIQ9I6z9CjYsfIRg4nH3qtX
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext