General
-
Target
fb5801749d5404ae4b95846fd45527a3268aae3fa8bbf292f5155830bc25150f
-
Size
4.1MB
-
Sample
230327-qjnf9sff6t
-
MD5
e7494820b6188a50cbd343e428139500
-
SHA1
8ab2a453956c4cd5e1f0529c20891be609d8958e
-
SHA256
fb5801749d5404ae4b95846fd45527a3268aae3fa8bbf292f5155830bc25150f
-
SHA512
3deda711a90b79849076e1e15da695f1efd2584ed8e85ad525faad9bdaf596130ef9813499084de1adcb079c475b681d64c68bf2b34ad4741c3ecc0d75139b30
-
SSDEEP
98304:yLqWm8EUt/RsxsyuOliVwdHZMwkg3X+WAEpeoGZdJ:jynt/Sxsyu+yc2wkUX+GURv
Static task
static1
Malware Config
Targets
-
-
Target
fb5801749d5404ae4b95846fd45527a3268aae3fa8bbf292f5155830bc25150f
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-