General
-
Target
d8824532282c54f0d08a6ea8e53963cf9d530759d510b3522646711c91370f59
-
Size
4.1MB
-
Sample
230327-xdh3xsgh2t
-
MD5
57c64afea473e0c649b4254f61ae3fa2
-
SHA1
4d1199138a03369ca0fdcff2d69a4cacf486b803
-
SHA256
d8824532282c54f0d08a6ea8e53963cf9d530759d510b3522646711c91370f59
-
SHA512
9b7db6f67f5709310b657c1f75b5442c6a3597b4d681dc8f8bd01180fd19e3c316571411ee734db556c2dfeacdded72890931e67dd7b3a4eeb557d10a4f5cde2
-
SSDEEP
98304:rvpOWouYO4mCfghlxU0b33zKayfkyhq08W/:rvAzuYO4JyHaFq+/
Static task
static1
Malware Config
Targets
-
-
Target
d8824532282c54f0d08a6ea8e53963cf9d530759d510b3522646711c91370f59
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-