General
-
Target
a37825b304e7b77f3e314430a6718f5094e085ea8f9d209854701ce28e33d565
-
Size
4.1MB
-
Sample
230329-rp7mrsac5v
-
MD5
f9c8fea8e579df299c25fcfaed603bb2
-
SHA1
9f52eb9f994801c77d2941611a754e9ac99dfd00
-
SHA256
a37825b304e7b77f3e314430a6718f5094e085ea8f9d209854701ce28e33d565
-
SHA512
ff89a062d6654fc722e0afe850eb1d2d61a7e359ccf3bf4f173db199fde3a8326b4a1451d35fa7714ad9302f0cace1e078b231bd8038586abb3240e0d3d8c9c8
-
SSDEEP
98304:Mn7DsKGaqVohMV3iM4rojo/8eRQfWle7+NTITxGbeKkQCvc:83B+EyiMgojz7JTxc/k/vc
Static task
static1
Malware Config
Targets
-
-
Target
a37825b304e7b77f3e314430a6718f5094e085ea8f9d209854701ce28e33d565
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-