General
- Target: 9f325b2e07c7fd537f2173a77c0acb6b997418f6be6a605e995abb1ac4160407
- Size: 4.1MB
- Sample: 230327-lme7vaeg8v
- MD5: 011875ccbd3d9f4bca19453cdfd931ed
- SHA1: c0d8ded8802a505088dd5ad72be3f51dbd68a088
- SHA256: 9f325b2e07c7fd537f2173a77c0acb6b997418f6be6a605e995abb1ac4160407
- SHA512: 697e0d87f9ebeb445d21bc1fb4a1869d22ff5f95a047bd0938367c3f567cd847cffe2e09aaf85fc3b3ef5d324b09e1b0c11f1ec7112caf9f68263d00c4c31ce2
- SSDEEP: 98304:ijPo+YNF394bm9hqWalSTOCj6yFACIaXDNUrgkS3gK:Ip0FKbmLqnlxCj6y9DNU0k0gK
Static task: static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext