General

  • Target

    8f0c65404ff79848ebb33712a5e170ff954815027b10cec6f58b70017d7fab32

  • Size

    135KB

  • MD5

    ad7629b3e23ff6ee65711560f9126fd6

  • SHA1

    43c618d6c4e60f2bb3293833b83437680b1aefd6

  • SHA256

    8f0c65404ff79848ebb33712a5e170ff954815027b10cec6f58b70017d7fab32

  • SHA512

    d4d7882d1e0ae10c196cd82a892d6471f47f2dfdf2fb310671d3f68ad4786b26223f7540b4dfadd6dbcb46f07a27dd27a9f62cdbe06f2c322fc30277ebf2d6d1

  • SSDEEP

    3072:v4hxQbNOpT9+TZK8Qr5+ViKGe7Yfs0a0Uoi:v4hKNGTYTZK9cViK4fs0l

Score
10/10

Malware Config

Extracted

Family

berbew

C2


Signatures

  • Berbew family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 8f0c65404ff79848ebb33712a5e170ff954815027b10cec6f58b70017d7fab32
    .exe windows:1 windows x86 arch:x86


