General
-
Target
82f0f011580652d66472e416da7c374d9b125b8746b3093f87083f60962912fc
-
Size
81KB
-
Sample
241208-asp4fsslez
-
MD5
4ef693cb08e96110249e24240d0e817f
-
SHA1
ca35e4dc050560115af05cde7b8f676ce1daf9bd
-
SHA256
82f0f011580652d66472e416da7c374d9b125b8746b3093f87083f60962912fc
-
SHA512
8e63b6777ba4887c0082866ee8aeaafcbefb987bba1992b28d8fe3eeb4b66bce99599637d92182dc8d6ab5f11d1d33e0b8abe752bd8d607a6a664a1a5f0792a0
-
SSDEEP
1536:B9h/jIjKbEC72fVU2FYvoZtU+8ZnzF2WVV7m4LO++/+1m6KadhYxU33HX0r:1jMEJ2fVU2EoZtooWb/LrCimBaH8UH3M
Malware Config
Extracted
berbew
http://crutop.nu/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://master-x.com/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://crutop.ru/index.php
http://kaspersky.ru/index.php
http://color-bank.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://trojan.ru/index.php
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://fethard.biz/index.htm
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
Targets
-
-
Target
82f0f011580652d66472e416da7c374d9b125b8746b3093f87083f60962912fc
-
Size
81KB
-
MD5
4ef693cb08e96110249e24240d0e817f
-
SHA1
ca35e4dc050560115af05cde7b8f676ce1daf9bd
-
SHA256
82f0f011580652d66472e416da7c374d9b125b8746b3093f87083f60962912fc
-
SHA512
8e63b6777ba4887c0082866ee8aeaafcbefb987bba1992b28d8fe3eeb4b66bce99599637d92182dc8d6ab5f11d1d33e0b8abe752bd8d607a6a664a1a5f0792a0
-
SSDEEP
1536:B9h/jIjKbEC72fVU2FYvoZtU+8ZnzF2WVV7m4LO++/+1m6KadhYxU33HX0r:1jMEJ2fVU2EoZtooWb/LrCimBaH8UH3M
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-