General
Target: fdc288d25c390c87b1e6b0473ce0dd36de1968981de7be848414fff9e1d76102
Size: 4.1MB
Sample: 230329-vh2pqaag61
MD5: 9ff3b423695b4eaba0f313a341dde080
SHA1: 7929053299b04b74e128d4c1ca84121be6dcfa59
SHA256: fdc288d25c390c87b1e6b0473ce0dd36de1968981de7be848414fff9e1d76102
SHA512: 670bae03e27fa07246d85b3852fa50966340dde51b0aebac0e82e45cc82a3f882e58b74314a22f12df7027f5b7735c3df38791311c716185bd56db5b2ccbcb82
SSDEEP: 98304:ujnSjYp75yn1wZDWJiYgxewLlMVPaIljo1aVt2Wzdqwn:S55m1aWjwLjI9o1afZX
Static task: static1
Malware Config
Targets
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2