General
-
Target
c3cf8b893b392e86981737b20ac2f95ce1f7b766f11a9b93c227f10595d0c556
-
Size
4.1MB
-
Sample
230327-jjbn5scc94
-
MD5
dc0de7de40ce7c39f7129d926e2d0009
-
SHA1
5613b6570e9f7e1577f0fb61ab6fac613f0eb2bc
-
SHA256
c3cf8b893b392e86981737b20ac2f95ce1f7b766f11a9b93c227f10595d0c556
-
SHA512
7be6469d8abaf20322f75751006504c5740e5ca9e2fb465a24df5bc0211b7ce04f62855dee29b3ed5cf61d5897404a74b442578529e9f6a3e5ced0b7f91a11c2
-
SSDEEP
98304:RoMmPIQ9IGp28zSklnOADT2j7ssfIRg4gKH3qtd:qRIQ9I6z9CjYsfIRg4nH3qtd
Static task
static1
Malware Config
Targets
-
-
Target
c3cf8b893b392e86981737b20ac2f95ce1f7b766f11a9b93c227f10595d0c556
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-