General
-
Target
c737784121475fc20b150a4f316fb68e52712e46ac4f2fb184d110012687b3c0
-
Size
4.1MB
-
Sample
230328-h396dahe85
-
MD5
a50fd7607a04ddbc95d7ee4c24d71606
-
SHA1
5c65b2790d61d05a7d368eb194eddeb8c4092b16
-
SHA256
c737784121475fc20b150a4f316fb68e52712e46ac4f2fb184d110012687b3c0
-
SHA512
47791619cedd2d1daff3476e17b2807e9806c83a7e9ee7a6da7f5ad64c61b14f2721a345099c31308bf2f754b1018fc0beb06afe1f2d0accdd2daef24d6f4020
-
SSDEEP
98304:2ojG5wSVpA06RFL0CxbWXYdsOzVuQDRCp3gQG6pq+k5FuIF:7SUHW0HBCZgm7OvF
Static task
static1
Malware Config
Targets
-
-
Target
c737784121475fc20b150a4f316fb68e52712e46ac4f2fb184d110012687b3c0
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-