General
-
Target
d4276c33705feadeced60a642af66f4170e754864d822b9768f5b6f4d965aba8
-
Size
4.1MB
-
Sample
230329-q6fpyaab8x
-
MD5
9a606d6b37d4a07f7d6b21580b1b96de
-
SHA1
771d4c9ac75f9fd57550fb71765061e715493ebd
-
SHA256
d4276c33705feadeced60a642af66f4170e754864d822b9768f5b6f4d965aba8
-
SHA512
896590f24976f29dca3dcca8bf855e8d62f3259289259d7f4bda082bc722af447b53d9c78d9e38aa1b3033634b81f4d5a7c286475b7840aba34e84d2f1622173
-
SSDEEP
98304:Mn7DsKGaqVohMV3iM4rojo/8eRQfWle7+NTITxGbeKkQCvx:83B+EyiMgojz7JTxc/k/vx
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-