General
Target: b634d1e409328f476404ac1c0c37394543609a069e76b0bc7a2c508c35a11ef6
Size: 226KB
Sample: 241123-c8ghcswncz
MD5: ff5f59a04b6559f09ad8e23122a4d3a5
SHA1: 6f63454b058a8719255604e49764f5634fb6990d
SHA256: b634d1e409328f476404ac1c0c37394543609a069e76b0bc7a2c508c35a11ef6
SHA512: b9601e222847ccf2706f1b0ea43b27e7b57dfafd18b68f335ae0153205b8f4ef5670026995c2184481dba282504d677a431460f17b5be84fe3cc3cbf4481601a
SSDEEP: 6144:iOT9eaoGpGCr9XfxqySSKpRmSKeTk7eT5ABrnL8MdYg:iOTUfGwC5IKrEAlnLAg
Static task: static1
Behavioral task: behavioral1
Sample: b634d1e409328f476404ac1c0c37394543609a069e76b0bc7a2c508c35a11ef6.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: b634d1e409328f476404ac1c0c37394543609a069e76b0bc7a2c508c35a11ef6.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
berbew
http://f/wcmd.htm
http://f/ppslog.php
http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
Target: b634d1e409328f476404ac1c0c37394543609a069e76b0bc7a2c508c35a11ef6
Size: 226KB
Score: 10/10
Adds autorun key to be loaded by Explorer.exe on startup
Berbew family
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory