General
-
Target
e3a43550fc87b430f21fbc3014a3609da000ab08b7b60e4c0b2bb85afd812143
-
Size
4.1MB
-
Sample
230327-lqh3xaeh2s
-
MD5
b08d44b0e1cbec057102bce1062b4ae6
-
SHA1
44e3773184426437a65a2b940161b7ff5ea6398e
-
SHA256
e3a43550fc87b430f21fbc3014a3609da000ab08b7b60e4c0b2bb85afd812143
-
SHA512
325debcac564a1788cf57ecc2cdb3438daff89389dcd72166efe2b5b29ecf58ff002d16badceae8ec235888219cee6f72a6263c1764c8e8c7908e745d89e0ba7
-
SSDEEP
98304:ijPo+YNF394bm9hqWalSTOCj6yFACIaXDNUrgkS3gv:Ip0FKbmLqnlxCj6y9DNU0k0gv
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-