General

  • Target

    f0e960bb60791ef77ac3601a8f117ee96b120b1d6fa1e70720d3e310fe4bf38aN

  • Size

    51KB

  • Sample

    241109-hj4jgssndn

  • MD5

    3b0308b0ab41c24042381853405b2af0

  • SHA1

    184fd28126bb67f44a33a2eb549549df8400fed7

  • SHA256

    f0e960bb60791ef77ac3601a8f117ee96b120b1d6fa1e70720d3e310fe4bf38a

  • SHA512

    c70dd0e65c33cf7d17ef61c553fa3b41a64df289f7006691226842444aa607810112eb1e6c9a7abf3a3bc0abf989c526438241e4d4f16fd641b5a4a7f98a6623

  • SSDEEP

    768:VSo1ahCkyhOrFIFZyqlDEH8laBU7aHoQm2TU1Xwjw7yJzVNLQ8Fn3Yvu0yzz/1H0:VshC5ArFmZtDjlsDZT6L7ezVZrcbyzB0

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Targets

    • Target

      f0e960bb60791ef77ac3601a8f117ee96b120b1d6fa1e70720d3e310fe4bf38aN

    • Size

      51KB

    • MD5

      3b0308b0ab41c24042381853405b2af0

    • SHA1

      184fd28126bb67f44a33a2eb549549df8400fed7

    • SHA256

      f0e960bb60791ef77ac3601a8f117ee96b120b1d6fa1e70720d3e310fe4bf38a

    • SHA512

      c70dd0e65c33cf7d17ef61c553fa3b41a64df289f7006691226842444aa607810112eb1e6c9a7abf3a3bc0abf989c526438241e4d4f16fd641b5a4a7f98a6623

    • SSDEEP

      768:VSo1ahCkyhOrFIFZyqlDEH8laBU7aHoQm2TU1Xwjw7yJzVNLQ8Fn3Yvu0yzz/1H0:VshC5ArFmZtDjlsDZT6L7ezVZrcbyzB0

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks