General
-
Target
5b55976b1a94f88bfbf78f342ee1be551f87561a42ece8568dab7e7e61a169bd
-
Size
4.1MB
-
Sample
230328-16gmcadf42
-
MD5
582554fb55500ddea2abb1708ae7eee8
-
SHA1
3139b3bc901a418bc18b2ebc7253123ecc357240
-
SHA256
5b55976b1a94f88bfbf78f342ee1be551f87561a42ece8568dab7e7e61a169bd
-
SHA512
25419ea681cbc3efc45ed485b99700096071466e2f7fdd647986ef2669dc740d8e02daec1467557c40a9a7aca97714d1dd1a8e3c780343f351af80c51ed928a1
-
SSDEEP
98304:oUdwLCQU4shpicxy6jtxBRMATIHJvkKrcghVt:oUudU4micxy6XvCv/Vt
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2