General
-
Target
25de6cd2c12ea9077daba21841c4610361a714641227edcae2fc75693403caa0
-
Size
67KB
-
Sample
241225-xwg9catpar
-
MD5
65da7c1cdfa0ca2e0271086b6e082eb2
-
SHA1
ec1e1d8a48a9371d1e4e565a5e137d70154b4b14
-
SHA256
25de6cd2c12ea9077daba21841c4610361a714641227edcae2fc75693403caa0
-
SHA512
6e60ddf9f678a9e0acdb55e305a8591af1aaafe628d12f03248c17e1de95d990941280c7c2a103e2131a3670181afe3b6b31245b8be480b94339507ddea7283b
-
SSDEEP
1536:CrK2s3ikI/Ilnw1zNKfFTTVeqNI1/Xu2dbVUZ1cgCe8u4:6LsSkVRw1OFTkqNkeMVUZugCe8u4
Malware Config
Extracted
berbew
http://crutop.nu/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://master-x.com/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://crutop.ru/index.php
http://kaspersky.ru/index.php
http://color-bank.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://trojan.ru/index.php
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://fethard.biz/index.htm
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
Targets
-
-
Target
25de6cd2c12ea9077daba21841c4610361a714641227edcae2fc75693403caa0
-
Size
67KB
-
MD5
65da7c1cdfa0ca2e0271086b6e082eb2
-
SHA1
ec1e1d8a48a9371d1e4e565a5e137d70154b4b14
-
SHA256
25de6cd2c12ea9077daba21841c4610361a714641227edcae2fc75693403caa0
-
SHA512
6e60ddf9f678a9e0acdb55e305a8591af1aaafe628d12f03248c17e1de95d990941280c7c2a103e2131a3670181afe3b6b31245b8be480b94339507ddea7283b
-
SSDEEP
1536:CrK2s3ikI/Ilnw1zNKfFTTVeqNI1/Xu2dbVUZ1cgCe8u4:6LsSkVRw1OFTkqNkeMVUZugCe8u4
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-