General
Target: 43d0cbd83b6a0a296cd1e49260339d591a22b60209261fbae1c39b6af51df78e
Size: 4.1MB
Sample: 230328-tbfy1ade5v
MD5: 75359bbdaf5a442553d2dd1286a1d941
SHA1: a52046c9ce321bd2eb4fbb0c52d078983cd4c405
SHA256: 43d0cbd83b6a0a296cd1e49260339d591a22b60209261fbae1c39b6af51df78e
SHA512: 7c728d7f940652c62cfffb377892d9716e1ee1e4eb37c34097a1105f5f0ce42a96b1647ec3fb6f9593a4c7f5658457f4ac4bac227cdd00b88ef4418b9e8fd563
SSDEEP: 98304:Jv8VP4qda1AwlCuF+X7nTfk2P7Px/Hvgk/7FHeVAkEdgGt0WI3TL+T:dq8fviU4x/YYeuky0Ve
Static task
static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2