General
Target: 8892720e32c6a700f4d3a9f0b10764d3b4bd42abe88482b43b4d782e39130ccf
Size: 4.1MB
Sample: 230328-a232nsga95
MD5: 79be0657a3e64c87ebda0e2176b182c0
SHA1: 1a8c6e366811ead3a3c2fb0a4b7ad95a83ebc911
SHA256: 8892720e32c6a700f4d3a9f0b10764d3b4bd42abe88482b43b4d782e39130ccf
SHA512: 57cc1d2a037c10ad758f89d46ce89730b55cc3bc142bd68236f819113d053771a1024ac95f243a6b600e6d06859a452e5dd10129f9b2a74f4583e0d65b20a4af
SSDEEP: 98304:chcDO7EgzRJZT3IHKMrqkJWE0LhQ6uMYKrF:cO/LKQqNE0W0F
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2