General
Target: 86cb5070b842812b7983518be08408dbdd380be302bd03fd53424772c918e170
Size: 4.1MB
Sample: 230329-mdsl9afh26
MD5: 467eae7c49140bb9d7391d272f22d38e
SHA1: 0bf4ede76586993398493e79752750c901ca4a3a
SHA256: 86cb5070b842812b7983518be08408dbdd380be302bd03fd53424772c918e170
SHA512: 2e31d93252ef2d2ce6cc5dbf5785a67d6771e3858627d3dd4b229aaf8830588d69deb94466ec547e2a0dc899430437138e44202ff843c9e25e72856a2f98d934
SSDEEP: 98304:dgDaCFb6F3+G/r+eLPqz9ttPc9cWMNfHla/sghWgL3zq1LwM1a:8aCl6FOG/r/Q5fdHl0sg5zzq1sM0
Static task
static1
Malware Config
Targets
Target: 86cb5070b842812b7983518be08408dbdd380be302bd03fd53424772c918e170
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2