General
Target: c8a1c6ae1bc1d9f538accde0bece33c8feb58e062475fc7c066275ec1da4b0d7
Size: 4.2MB
Sample: 230607-pnawasah6s
MD5: ac25d49dbfba143074cc8f3c94c66fc2
SHA1: 8cb43616ebe04dde99d6d9e1b69d0d84942d1cdd
SHA256: c8a1c6ae1bc1d9f538accde0bece33c8feb58e062475fc7c066275ec1da4b0d7
SHA512: b5d05ef8a8afd28e2d31de07f4ff3ab21308f203dc4cd67f8945a69c98f872fa8d3a50b03c0a32e197c2c860a548848cef02873691e2dab16ef156aae1a97c76
SSDEEP: 98304:3+ryqTX39hhVlc5LB/2OriIoNKDqzuQVp20mFyby/:3+fntQLB/2OfoNK2tmV
Static task: static1
Malware Config
Targets
Target: c8a1c6ae1bc1d9f538accde0bece33c8feb58e062475fc7c066275ec1da4b0d7
- Glupteba payload
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory