General
-
Target
ccea3d36d7f317cc85cd067e634cc4428d2ab1a26c4cd4f1b3599cb5f1e1961f
-
Size
4.1MB
-
Sample
230328-ywa1psdb49
-
MD5
d5f9586c5b24e12d2af0c1ca8df62c10
-
SHA1
ed526b79b81ad32f72fad9751d17fd80ea17a267
-
SHA256
ccea3d36d7f317cc85cd067e634cc4428d2ab1a26c4cd4f1b3599cb5f1e1961f
-
SHA512
4c2af04156a2bd64a52504371d0623b9a29a71c4372628b33abe538f87b9c1b87c5decbc3a5e4f095b063e292b2a791c8f537d44e456d32e9a8e0a7ea3de005c
-
SSDEEP
98304:kELwTlvdgEX2NpXI1CvrZ0wYkLx78mDXz//wDHa17+P6a+DsJxVO2PFu:kEaAEXAsCv10rkLuUz//Wa1iPqsJxVOv
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-