General
-
Target
9ab922afeb5ce1db433a216c47c2425a11d32cb36e9c213e969d86d8a3e87453
-
Size
4.1MB
-
Sample
230328-jcgltabd6t
-
MD5
bd043b9a2cedc5a6a80581f040dbdb7f
-
SHA1
7671a081ae6662a4e3a308366bb83318cc359b31
-
SHA256
9ab922afeb5ce1db433a216c47c2425a11d32cb36e9c213e969d86d8a3e87453
-
SHA512
57b527413aa794667881c2652620a43c2b6ef02adc0340f655fbfae7e727eef4de8c14a0e02eea979da3811796ece786a433c3bd8ce7e0796ca4386c37b5f092
-
SSDEEP
98304:2ojG5wSVpA06RFL0CxbWXYdsOzVuQDRCp3gQG6pq+k5FuIu:7SUHW0HBCZgm7Ovu
Static task
static1
Malware Config
Targets
-
Target
9ab922afeb5ce1db433a216c47c2425a11d32cb36e9c213e969d86d8a3e87453
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-