General
-
Target
c5d9dc952f1a8d8826b4d2bf1cd9aa67f67988938dcda4aa2734ceb16434059c
-
Size
4.1MB
-
Sample
230327-mr7y4ada84
-
MD5
ee8d373bb90947e515dda2826595bb66
-
SHA1
eee2e752cfe70a42727a3a2e2338c06130b38ec1
-
SHA256
c5d9dc952f1a8d8826b4d2bf1cd9aa67f67988938dcda4aa2734ceb16434059c
-
SHA512
bf42b6d6ee5ee4b8ec05ebf1803dfa64905ddb8334c0c6e0c44f9b7bb14eedfbf6081e493e54c4a77a0e299401b1f43ea05f40ef981fad8befe3a6d858012e75
-
SSDEEP
98304:qlUsq5/mFUy5W3l9xAhU+wp3o0ideZIOvfviQrMRto/4Sx2:aUB/mFUy5W3l8hM3oN4ZIbQrMRts2
Static task
static1
Malware Config
Targets
-
-
Target
c5d9dc952f1a8d8826b4d2bf1cd9aa67f67988938dcda4aa2734ceb16434059c
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-