General
-
Target
f5c5fede2da9d5abb31801e406b65faf3ffd750e0ca27f337757908ac34bd036
-
Size
4.1MB
-
Sample
230328-lpyf7sac28
-
MD5
f4bcc6206d1a659a8d84c0fd624e8373
-
SHA1
bfaa9aa5d5baa84ab91d4a98e720f57fca1f84ad
-
SHA256
f5c5fede2da9d5abb31801e406b65faf3ffd750e0ca27f337757908ac34bd036
-
SHA512
32ea0d158c2fa433a0aff46b852c160f5b1f73edc3945e8ce11616eae3b9e778bdd7c740afa2daef237a528dc4d16b7498b5aa693b7fd6330abf575cc8907e8e
-
SSDEEP
98304:Ayh1jETwblZHBMNSSg7jKCQXGyLLsWJ3FPCckKmv3C8niJQv:1tbD75Q2yLLswFPCckKii2
Static task
static1
Malware Config
Targets
-
Target
f5c5fede2da9d5abb31801e406b65faf3ffd750e0ca27f337757908ac34bd036
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-