General

  • Target: 7a6cf5e9d77555bf26e815d688e20bf5b85f5184550aa2ae7790f649f8983203N
  • Size: 91KB
  • Sample: 241109-kkzm2atqej
  • MD5: 6889761a9d9c129c07430c35dffea040
  • SHA1: 09e5ab530f940e2001962f579fc0e7992fa431c5
  • SHA256: 7a6cf5e9d77555bf26e815d688e20bf5b85f5184550aa2ae7790f649f8983203
  • SHA512: d47cc621d0571b9e81bcc7ea10275fd1144683e21cde7f9d10dbf81404bedc13c2818004271b65ac49a3e500bbfb95448dc98fcbbd153de3d3c98eaca4b93513
  • SSDEEP: 1536:PNaNmsYU8uOAw4vlc/daCkRExUyTg3Yz1PEsl9pNNjOQdgy2df7kcaEBaWMKAmpR:FsmsJ6BRPEofjO4gyufh4gAmpw9mou

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://crutop.nu/index.php
    http://devx.nm.ru/index.php
    http://ros-neftbank.ru/index.php
    http://master-x.com/index.php
    http://www.redline.ru/index.php
    http://cvv.ru/index.php
    http://hackers.lv/index.php
    http://fethard.biz/index.php
    http://crutop.ru/index.php
    http://kaspersky.ru/index.php
    http://color-bank.ru/index.php
    http://adult-empire.com/index.php
    http://virus-list.com/index.php
    http://trojan.ru/index.php
    http://xware.cjb.net/index.htm
    http://konfiskat.org/index.htm
    http://parex-bank.ru/index.htm
    http://fethard.biz/index.htm
    http://ldark.nm.ru/index.htm
    http://gaz-prom.ru/index.htm

Targets

    • Target: 7a6cf5e9d77555bf26e815d688e20bf5b85f5184550aa2ae7790f649f8983203N
    • Size: 91KB
    • MD5: 6889761a9d9c129c07430c35dffea040
    • SHA1: 09e5ab530f940e2001962f579fc0e7992fa431c5
    • SHA256: 7a6cf5e9d77555bf26e815d688e20bf5b85f5184550aa2ae7790f649f8983203
    • SHA512: d47cc621d0571b9e81bcc7ea10275fd1144683e21cde7f9d10dbf81404bedc13c2818004271b65ac49a3e500bbfb95448dc98fcbbd153de3d3c98eaca4b93513
    • SSDEEP: 1536:PNaNmsYU8uOAw4vlc/daCkRExUyTg3Yz1PEsl9pNNjOQdgy2df7kcaEBaWMKAmpR:FsmsJ6BRPEofjO4gyufh4gAmpw9mou

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks