General
-
Target
1a017d9419bd53be71bc032e4db60675964432c700af05064b0a698d662e3ba1
-
Size
137KB
-
Sample
241123-yvz87stncx
-
MD5
d168926ff04e634b47f745517cf75a0c
-
SHA1
ede1179cb924c3ea1901d16042473e9043269d61
-
SHA256
1a017d9419bd53be71bc032e4db60675964432c700af05064b0a698d662e3ba1
-
SHA512
75bdc8c727d20d031e140502ed4326bfce2bdf5ae7feba836ed21e1e825017847a2492a38fd72f96b5f62f22e598cd35eef004175a6e61b8142f89501558e6e5
-
SSDEEP
3072:7JHrJ6Honqw/lT+FeWUEdmjRrz3TIUV4BKx:tL+op/koVEdGTB
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
-
-
Target
1a017d9419bd53be71bc032e4db60675964432c700af05064b0a698d662e3ba1
-
Size
137KB
-
MD5
d168926ff04e634b47f745517cf75a0c
-
SHA1
ede1179cb924c3ea1901d16042473e9043269d61
-
SHA256
1a017d9419bd53be71bc032e4db60675964432c700af05064b0a698d662e3ba1
-
SHA512
75bdc8c727d20d031e140502ed4326bfce2bdf5ae7feba836ed21e1e825017847a2492a38fd72f96b5f62f22e598cd35eef004175a6e61b8142f89501558e6e5
-
SSDEEP
3072:7JHrJ6Honqw/lT+FeWUEdmjRrz3TIUV4BKx:tL+op/koVEdGTB
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-