General
-
Target
634f5f2b55f619a3bff128a91add972ffa3d288d42b63ba1bc3f6f6c8ff64ff2
-
Size
128KB
-
Sample
241207-27k7lavjcr
-
MD5
e4e9f90cd6c784089729a2a395940e84
-
SHA1
e9570a4cd594fd0a579d0d04afe35bf3e737ad89
-
SHA256
634f5f2b55f619a3bff128a91add972ffa3d288d42b63ba1bc3f6f6c8ff64ff2
-
SHA512
6a782c19757172d65d63fbdd4d8e0d4624e63324429da283b836d799ed8f935919dfb8c16ecdac5d16c9f8f8840131c03bbb82b6467b8d5c39b3e9e51c833afa
-
SSDEEP
1536:ncKxjzx3vgiuzZWvJsHsCvlO53q52IrFzTXMtDhGJ5taRFkIsoh+RWGHd9vHOT:cajzx34R9sJsH7vlg3q/haR5sS+vfU
Malware Config
Extracted
berbew
http://crutop.nu/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://master-x.com/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://crutop.ru/index.php
http://kaspersky.ru/index.php
http://color-bank.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://trojan.ru/index.php
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://fethard.biz/index.htm
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
Targets
-
-
Target
634f5f2b55f619a3bff128a91add972ffa3d288d42b63ba1bc3f6f6c8ff64ff2
-
Size
128KB
-
MD5
e4e9f90cd6c784089729a2a395940e84
-
SHA1
e9570a4cd594fd0a579d0d04afe35bf3e737ad89
-
SHA256
634f5f2b55f619a3bff128a91add972ffa3d288d42b63ba1bc3f6f6c8ff64ff2
-
SHA512
6a782c19757172d65d63fbdd4d8e0d4624e63324429da283b836d799ed8f935919dfb8c16ecdac5d16c9f8f8840131c03bbb82b6467b8d5c39b3e9e51c833afa
-
SSDEEP
1536:ncKxjzx3vgiuzZWvJsHsCvlO53q52IrFzTXMtDhGJ5taRFkIsoh+RWGHd9vHOT:cajzx34R9sJsH7vlg3q/haR5sS+vfU
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-