General

  • Target: 40a07d02f900fddae4ad8034edf604d238e3322667f0022bbb5b199a4e62bfbeN
  • Size: 923KB
  • Sample: 241110-qt47rs1kbn
  • MD5: e67fc17c7a6af7c1132b302ff65c2540
  • SHA1: c3959d153c1bf3da3b14a42e6c1f966987e1c846
  • SHA256: 40a07d02f900fddae4ad8034edf604d238e3322667f0022bbb5b199a4e62bfbe
  • SHA512: 92fdbb4605d5655728d6b755149998da48b99e0c57815e599a82110d3ce92e913d5996b63b04806c18a7a4db7f5d1f326fdb041f3b24e564876fabba47c4aff7
  • SSDEEP: 6144:qcT0VEPQ///NR5fKr2n0MO3LPlkUCmVs5bPQ///NR5frdQt383PQ///NR5fKr2nI:K/Ng1/Nmr/Ng1/Nblt01PBNkEoIe

Malware Config

  • Extracted
  • Family: berbew
  • C2:
    • http://crutop.nu/index.php
    • http://devx.nm.ru/index.php
    • http://ros-neftbank.ru/index.php
    • http://master-x.com/index.php
    • http://www.redline.ru/index.php
    • http://cvv.ru/index.php
    • http://hackers.lv/index.php
    • http://fethard.biz/index.php
    • http://crutop.ru/index.php
    • http://kaspersky.ru/index.php
    • http://color-bank.ru/index.php
    • http://adult-empire.com/index.php
    • http://virus-list.com/index.php
    • http://trojan.ru/index.php
    • http://xware.cjb.net/index.htm
    • http://konfiskat.org/index.htm
    • http://parex-bank.ru/index.htm
    • http://fethard.biz/index.htm
    • http://ldark.nm.ru/index.htm
    • http://gaz-prom.ru/index.htm

Targets

    • Target: 40a07d02f900fddae4ad8034edf604d238e3322667f0022bbb5b199a4e62bfbeN
    • Size: 923KB
    • MD5: e67fc17c7a6af7c1132b302ff65c2540
    • SHA1: c3959d153c1bf3da3b14a42e6c1f966987e1c846
    • SHA256: 40a07d02f900fddae4ad8034edf604d238e3322667f0022bbb5b199a4e62bfbe
    • SHA512: 92fdbb4605d5655728d6b755149998da48b99e0c57815e599a82110d3ce92e913d5996b63b04806c18a7a4db7f5d1f326fdb041f3b24e564876fabba47c4aff7
    • SSDEEP: 6144:qcT0VEPQ///NR5fKr2n0MO3LPlkUCmVs5bPQ///NR5frdQt383PQ///NR5fKr2nI:K/Ng1/Nmr/Ng1/Nblt01PBNkEoIe

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks