General
-
Target
0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
-
Size
4.1MB
-
Sample
230329-l75cgahd7v
-
MD5
d3ad3e4399e91fca86fe19c2a1b6bfbb
-
SHA1
8959d518f7b685439b8a6d4ba8556f176a1063e2
-
SHA256
0c63257d1fd65449922a9a2835b9a8284e5c1da6495586f24ae86f2b8a3ff01a
-
SHA512
83386faed8c4b442f769931c2dec42145c9a8a087b887ae44fb63db3c198be1a4e17ba59a8d1cca9584eba79ee0d4d2c5455d3e916725c6a9dc7eacfe3d249bd
-
SSDEEP
98304:dgDaCFb6F3+G/r+eLPqz9ttPc9cWMNfHla/sghWgL3zq1LwM1f:8aCl6FOG/r/Q5fdHl0sg5zzq1sM5
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-