General
Target: ceeb91c4ca662c85b3f1aa255920a57098245a80da01c73acf4b985bd5c6cc11
Size: 4.1MB
Sample: 230328-jckcpshf38
MD5: 4c4a5b8978c533a925251ab02b6588ed
SHA1: 464ee64ad8547d7da2825302b2110469cfc99add
SHA256: ceeb91c4ca662c85b3f1aa255920a57098245a80da01c73acf4b985bd5c6cc11
SHA512: 3089eb52f492c8f9bf6cd802f3d0fe35c9bd9cb987ce2316d6ea7ecae8222e8fe1be71a3e7f5a2c3394500ffa6d65a0808ac3671d8d79b22c1273a87fad6a50d
SSDEEP: 98304:2ojG5wSVpA06RFL0CxbWXYdsOzVuQDRCp3gQG6pq+k5FuI+:7SUHW0HBCZgm7Ov+
Static task
static1
Malware Config
Targets
Target
ceeb91c4ca662c85b3f1aa255920a57098245a80da01c73acf4b985bd5c6cc11
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2