Research

More on Backdoor.Win32.Breplibot.b

We’ve been analysing the backdoor program which uses the Sony rootkit technology.

Trend Micro has told us that the backdoor was mass mailed using spamming technologies. The message sent was as follows:

Message subject:

Requesting Photo Approval

Attachment name:

article_december_3621.exe

Message body:

Hello,

Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.

Kind regards,
Jamie Andrews
Editor
www.TotalBusiness.co.uk
**********************************************
The Professional Development Institute
**********************************************

Breplibot.b is 10240 bytes in size, and packed using UPX.

When launching, the backdoor copies itself to the Windows system directory as $SYS$DRV.EXE. Using this name makes it possible for the rootkit technology used by Sony to hide the activity of the malicious program. Of course, the backdoor’s activity will only be hidden if the ‘Sony rootkit’ has been installed on your computer.

Once launched, the backdoor creates the following system registry key:

[HKEY_LOCAL_MACHINE] “WkbpsevaXImgvkwkbpXSmj`kswXGqvvajpRavwmkjXVqj”=”$SYS$DRV.EXE”

More on Backdoor.Win32.Breplibot.b

Your email address will not be published. Required fields are marked *

 

Reports

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Subscribe to our weekly e-mails

The hottest research right in your inbox