General
Target: 10ee2e6dbb6afa32bd1ea6956395ecad41a2a26ecc17d2d39ad9451c5ad01982
Size: 4.1MB
Sample: 230327-lz664acg88
MD5: 9be8002a4b72a9f9339a12fed7c83621
SHA1: 0821c9430e9ddab1efa3bf40a41a686cdfa261a9
SHA256: 10ee2e6dbb6afa32bd1ea6956395ecad41a2a26ecc17d2d39ad9451c5ad01982
SHA512: 2122b6d293749810f13af7980b8f8fd1e15eb860e553463c188c24f3633cfca37c4f59f48638589f1b942916e6974d8b6bff0e2c1e12b07ee93a8c7cbf05a8e3
SSDEEP: 98304:ijPo+YNF394bm9hqWalSTOCj6yFACIaXDNUrgkS3ge:Ip0FKbmLqnlxCj6y9DNU0k0ge
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-