General
- Target: 2f34762083211116b4c42e2ab68fdd026f244ffc7ce6f8497486bcda265e6744
- Size: 4.1MB
- Sample: 230327-w93xjaeg67
- MD5: e353f117209194d573e7e644db9c20b2
- SHA1: ea0ac51a29810939c740a70d2f9523298e44e419
- SHA256: 2f34762083211116b4c42e2ab68fdd026f244ffc7ce6f8497486bcda265e6744
- SHA512: 9ddd11e3cc4017f9636b819dc571a453696f130ba0306e47a43a624c8d95b4888c3615b7899761281a0a2db31c93d4792df468cde206fa27c41e33289309adff
- SSDEEP: 98304:rvpOWouYO4mCfghlxU0b33zKayfkyhq08WQ:rvAzuYO4JyHaFq+Q
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2