General
-
Target
a9ad5baeb7b34d08248554b912000eceb421757e1fbb12affe4bc8b1a7e0e8cfN
-
Size
80KB
-
Sample
241012-wrqt9atela
-
MD5
a4455253d82f93a006a09dee08e53130
-
SHA1
2b13c1baacfb8e008a4d0e435abe41b4639f7c13
-
SHA256
a9ad5baeb7b34d08248554b912000eceb421757e1fbb12affe4bc8b1a7e0e8cf
-
SHA512
4d87a37a61cdd29b039f5b4dbeb3dcf9164fc48c43e1008ff46027182908ab28b52a957a55a618109cc07e6f532a3d6b920e9228a3b09b6a8d589f821e98c2e7
-
SSDEEP
1536:Lgp03/4Qbzsn8A8+XLL3Sje3plfUZxlznOBlRQA2CRJJ5R2xOSC4BG:Lc05bolWjuplczNOBleArJ5wxO344
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
-
-
Target
a9ad5baeb7b34d08248554b912000eceb421757e1fbb12affe4bc8b1a7e0e8cfN
-
Size
80KB
-
MD5
a4455253d82f93a006a09dee08e53130
-
SHA1
2b13c1baacfb8e008a4d0e435abe41b4639f7c13
-
SHA256
a9ad5baeb7b34d08248554b912000eceb421757e1fbb12affe4bc8b1a7e0e8cf
-
SHA512
4d87a37a61cdd29b039f5b4dbeb3dcf9164fc48c43e1008ff46027182908ab28b52a957a55a618109cc07e6f532a3d6b920e9228a3b09b6a8d589f821e98c2e7
-
SSDEEP
1536:Lgp03/4Qbzsn8A8+XLL3Sje3plfUZxlznOBlRQA2CRJJ5R2xOSC4BG:Lc05bolWjuplczNOBleArJ5wxO344
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-