General
-
Target
96f5c52b7ae1c11b4da0cd8ba4a021376ab67b7d46f9772f94efa4955185d3bf
-
Size
4.1MB
-
Sample
230329-tefseagh82
-
MD5
b31c3e535cccf20e2b17600cb38e5283
-
SHA1
0203fdf21ddb5a96a3cfe17844866699521caffc
-
SHA256
96f5c52b7ae1c11b4da0cd8ba4a021376ab67b7d46f9772f94efa4955185d3bf
-
SHA512
c01856eb5f54f50442c1e470da442674024f62049bdc03d0adb57fd94edbfed0e61d78d4ba720883d9503565142f4796a757960826f43654066622bb25add786
-
SSDEEP
98304:GYW1Nzi8FwoPWhAPSxdRSy0Rx2cK1uMAEXQ5GUqWDYQdt2hl4667:VuEoPw+AkQuJEGG7WMQz2K
Static task
static1
Malware Config
Targets
-
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-