General
Target: 799a83227d368f8b2480e3083cfdecda8f4d20cc2365aad1036cbe57b68f0e65
Size: 4.1MB
Sample: 230329-vsqefahb95
MD5: f29d8595ddf4444effcde18795dcc71a
SHA1: 721fb7b61fa7b0d9485604392e261ac7fc681389
SHA256: 799a83227d368f8b2480e3083cfdecda8f4d20cc2365aad1036cbe57b68f0e65
SHA512: 9e08237037e3e1e41cfa959ad2efbd1203879415c228678cbc6e7aa5a72416527e95ff17f52f73e03f5882f231170682bac6f07f350d1c9ff0dff6e840f9dad7
SSDEEP: 98304:ujnSjYp75yn1wZDWJiYgxewLlMVPaIljo1aVt2WzdqwS:S55m1aWjwLjI9o1afZC
Static task
static1
Malware Config
Targets
Glupteba payload
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-