General
-
Target
022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
-
Size
4.1MB
-
Sample
230328-3p2x3afe9x
-
MD5
9d3cd832ea266b0bff21095d7e160b74
-
SHA1
c915953aeebc68289e697edf3592178f868ea388
-
SHA256
022dd5d20d4c1aa0b58e7613cd90c4f264e563d1f89ce8af25615eb84cf8532c
-
SHA512
e14dbe0c2379e1593351564ac9a776035133560e676c077af2f2aa5f7fc52e7578c872047ff8b7a3fdc76b216e8af719308d43e337ef99cf993569799b9c970e
-
SSDEEP
98304:m7VssOaMQzxlQbp5jBumi+C/se4siECzaN6Vgd:CnVZmid/seb+aN6Vgd
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-