General
-
Target
53d016d8320c1a788e72f697cf92a787c8bc0ba4c65d36a8adb57e6a4afe2e49.exe
-
Size
288KB
-
Sample
250121-gss9fazlhz
-
MD5
45936c954d24594c5cf1608a490d9b4e
-
SHA1
4dffb39da6ce6d34bf48b3ec8277072c6e8b11f6
-
SHA256
53d016d8320c1a788e72f697cf92a787c8bc0ba4c65d36a8adb57e6a4afe2e49
-
SHA512
1a6932f304b0b2cd22237c72ed20bc85de2d197d3b6735fb8ac61370a23643f15eb258e7f2a00985d25e1f7624aa6f92d29dad30c784cf92877d599d66c20c7c
-
SSDEEP
3072:IaQskYJIHZ0Xisc0/XRGN4xeB7LDT1Yx07KlFYzqpCZSLMi5lQvuIbuzj1DukJFT:IaQXYJIHZ0XNREdLl+wGXAF2PbgKLVN
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
-
-
Target
53d016d8320c1a788e72f697cf92a787c8bc0ba4c65d36a8adb57e6a4afe2e49.exe
-
Size
288KB
-
MD5
45936c954d24594c5cf1608a490d9b4e
-
SHA1
4dffb39da6ce6d34bf48b3ec8277072c6e8b11f6
-
SHA256
53d016d8320c1a788e72f697cf92a787c8bc0ba4c65d36a8adb57e6a4afe2e49
-
SHA512
1a6932f304b0b2cd22237c72ed20bc85de2d197d3b6735fb8ac61370a23643f15eb258e7f2a00985d25e1f7624aa6f92d29dad30c784cf92877d599d66c20c7c
-
SSDEEP
3072:IaQskYJIHZ0Xisc0/XRGN4xeB7LDT1Yx07KlFYzqpCZSLMi5lQvuIbuzj1DukJFT:IaQXYJIHZ0XNREdLl+wGXAF2PbgKLVN
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Brute Ratel C4
A customized command and control framework for red teaming and adversary simulation.
-
Bruteratel family
-
Detect BruteRatel badger
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-