General
-
Target
e54e80053d377c84e97906ad2bf2acb44428832c4eb839c6f5b3273c357292f0
-
Size
4.1MB
-
Sample
230327-wr98wsgf9x
-
MD5
4f61b0db0fbd7b7c524624af58030785
-
SHA1
a1febb88a29edbe10d427c4549833b6ab5befcea
-
SHA256
e54e80053d377c84e97906ad2bf2acb44428832c4eb839c6f5b3273c357292f0
-
SHA512
fe82d2e20c1583ee219a0dbec864951bcf6c183a8cb12e07564c244710d3f10164146554bc8a3211f59406387e3ca806e1914ad47b49d45272f94f479efbcfce
-
SSDEEP
98304:CR4aIsqGXrMM5+XC79bek6AV6rp64timIOdgjmBZlYVyYAb:42RGgM5+y7kk6AV6/LIygjgZ2VI
Static task
static1
Malware Config
Targets
-
-
Target
e54e80053d377c84e97906ad2bf2acb44428832c4eb839c6f5b3273c357292f0
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-