General

  • Target

    1cf76b46416bd35dfb966a69bee80e6fba62f19f3a99e7540b3b050ed6bb2bd7.exe

  • Size

    76KB

  • Sample

    241112-nqwp4svmcl

  • MD5

    113d404e44a672e1bc5c5f305b4c087b

  • SHA1

    da45305d9bfd8f70c3f0838b4fee57f0cd223f66

  • SHA256

    1cf76b46416bd35dfb966a69bee80e6fba62f19f3a99e7540b3b050ed6bb2bd7

  • SHA512

    eac89fdcd3a365ddaddb6cf443ead208b0e162210fe95a842c6b1b2c3554f6ddc4640d40f36741dee8124f90dc2e8ea228c4f450cbc11e1f16da4b3ae201d382

  • SSDEEP

    1536:QH9D2LL9KyDkKkGMYvRk/lG4tHioQV+/eCeyvCQg:7ZJpUGaHrk+u

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm
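The extracted C2 list is most useful as a hunting watchlist. Below is an added example (not part of the sandbox report and not the sample's own code) that turns the twenty URLs above into a host index and runs it over proxy log lines. The C2 URLs are copied from the list above; the Squid-format access.log lines are constructed for illustration, and the two edge cases they exercise are the ones that bite in practice: the config lists www.redline.ru while the log shows redline.ru, and a host such as notcrutop.nu must not match crutop.nu.

```python
"""Hunt for the Berbew C2 URLs from this report in proxy logs.

Added example, not part of the original report. The C2 list is copied from
the extracted config above; the Squid-format log lines are constructed.
"""
import re
from urllib.parse import urlsplit

C2_URLS = [
    "http://crutop.nu/index.php",
    "http://devx.nm.ru/index.php",
    "http://ros-neftbank.ru/index.php",
    "http://master-x.com/index.php",
    "http://www.redline.ru/index.php",
    "http://cvv.ru/index.php",
    "http://hackers.lv/index.php",
    "http://fethard.biz/index.php",
    "http://crutop.ru/index.php",
    "http://kaspersky.ru/index.php",
    "http://color-bank.ru/index.php",
    "http://adult-empire.com/index.php",
    "http://virus-list.com/index.php",
    "http://trojan.ru/index.php",
    "http://xware.cjb.net/index.htm",
    "http://konfiskat.org/index.htm",
    "http://parex-bank.ru/index.htm",
    "http://fethard.biz/index.htm",
    "http://ldark.nm.ru/index.htm",
    "http://gaz-prom.ru/index.htm",
]

def normalize_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so that
    www.redline.ru (as listed in the config) and redline.ru compare equal."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def c2_index(urls):
    """Map each normalized C2 host to the set of URL paths seen for it."""
    index = {}
    for u in urls:
        parts = urlsplit(u)
        index.setdefault(normalize_host(parts.hostname), set()).add(parts.path)
    return index

def watched_host(host, index):
    """Return the watchlist host that `host` equals or is a subdomain of,
    else None. The '.' prefix check keeps notcrutop.nu from matching crutop.nu."""
    host = normalize_host(host)
    for w in index:
        if host == w or host.endswith("." + w):
            return w
    return None

# Squid native access.log: time elapsed client code/status bytes method URL ...
SQUID_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def split_url_field(method, url):
    """Proxies log CONNECT requests as 'host:port' with no scheme or path."""
    if method == "CONNECT" or "://" not in url:
        return url.rsplit(":", 1)[0], ""
    parts = urlsplit(url)
    return parts.hostname or "", parts.path

def find_c2_hits(log_lines, index):
    """One dict per log line whose destination host is on the C2 list.
    exact_url is True only when host and path both match an extracted C2 URL."""
    hits = []
    for line in log_lines:
        m = SQUID_RE.match(line)
        if not m:
            continue
        host, path = split_url_field(m.group("method"), m.group("url"))
        w = watched_host(host, index)
        if w is None:
            continue
        hits.append({
            "ts": m.group("ts"), "client": m.group("client"), "host": w,
            "url": m.group("url"), "exact_url": path in index[w],
        })
    return hits

# Constructed Squid access.log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
1731400001.123    245 10.0.0.15 TCP_MISS/200 512 GET http://crutop.nu/index.php - HIER_DIRECT/203.0.113.10 text/html
1731400002.456     12 10.0.0.15 TCP_MISS/200 1024 GET http://www.example.com/ - HIER_DIRECT/198.51.100.5 text/html
1731400003.789    301 10.0.0.22 TCP_TUNNEL/200 4096 CONNECT fethard.biz:443 - HIER_DIRECT/203.0.113.11 -
1731400004.000     50 10.0.0.31 TCP_MISS/404 300 GET http://redline.ru/news/ - HIER_DIRECT/203.0.113.12 text/html
1731400005.000     50 10.0.0.31 TCP_MISS/200 300 GET http://notcrutop.nu/index.php - HIER_DIRECT/203.0.113.13 text/html
"""

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG.splitlines(), c2_index(C2_URLS)):
        print(hit)
```

On the sample log this reports three hits (crutop.nu, fethard.biz, redline.ru) and ignores the decoy notcrutop.nu line. A config for this family can mix real C2 with hosts that are legitimate or long dead, so treat a host-only match as a pivot for further investigation and weigh exact_url hits (host plus the /index.php or /index.htm path) higher than a bare host match or a CONNECT tunnel.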

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
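The four behaviour signatures above describe a chain (drop into System32, register an Explorer-loaded autorun entry, then execute and load the dropped files) that an endpoint analyst would want to confirm from telemetry. The following is an added example, not the sandbox's own signature logic and nothing taken from the sample: it replays those signatures over Sysmon-style events as a small stateful check. The event dicts are constructed with Sysmon field names (EventID, Image, TargetFilename, TargetObject, ImageLoaded); the file paths, value name and CLSID are placeholders, because the report does not name the dropped files or the exact key; and the registry locations checked are the well-known ones Explorer consults at logon, not necessarily the one this sample wrote.

```python
"""Replay the report's behaviour signatures over Sysmon-style events.

Added example: not the sandbox's signature logic and nothing from the
sample itself. SAMPLE_EVENTS is constructed with Sysmon field names; the
file paths, value name and CLSID are placeholders, since the report does
not name the dropped files or the exact autorun key.
"""
import re

# Registry locations Explorer.exe (and Winlogon, which starts it) reads at
# logon. The report only says an Explorer-loaded autorun key was added; this
# is the well-known candidate set, not necessarily the key this sample used.
EXPLORER_AUTORUN_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|ShellServiceObjectDelayLoad)\\"
    r"|\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell$",
    re.IGNORECASE,
)
SYSTEM32 = "c:\\windows\\system32\\"
WINDIR = "c:\\windows\\"

def triage(events):
    """Return (signature, event) pairs in trace order.

    Stateful: every path written by a FileCreate (EventID 11) is remembered,
    so a later ProcessCreate (EventID 1) or ImageLoad (EventID 7) of that
    path is tagged as execution/loading of a dropped file.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        image = ev.get("Image", "").lower()
        if eid == 11:
            target = ev.get("TargetFilename", "").lower()
            dropped.add(target)
            # A write into System32 by something that is not itself a Windows
            # binary is what 'Drops file in System32 directory' means here.
            if target.startswith(SYSTEM32) and not image.startswith(WINDIR):
                findings.append(("Drops file in System32 directory", ev))
        elif eid == 13 and EXPLORER_AUTORUN_RE.search(ev.get("TargetObject", "")):
            findings.append(("Adds autorun key to be loaded by Explorer.exe on startup", ev))
        elif eid == 1 and image in dropped:
            findings.append(("Executes dropped EXE", ev))
        elif eid == 7 and ev.get("ImageLoaded", "").lower() in dropped:
            findings.append(("Loads dropped DLL", ev))
    return findings

# Placeholder paths; the report does not name the real drop locations.
SAMPLE = "C:\\Users\\victim\\Downloads\\sample.exe"
DROPPED_DLL = "C:\\Windows\\System32\\shlhelper.dll"
DROPPED_EXE = "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe"

# Constructed Sysmon-style trace, in the order the signatures describe.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Helper",
     "Details": "{00000000-0000-0000-0000-000000000001}"},  # placeholder CLSID
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",  # benign setting, must not fire
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": DROPPED_DLL},
    {"EventID": 7, "Image": "C:\\Windows\\explorer.exe",  # normal load, must not fire
     "ImageLoaded": "C:\\Windows\\System32\\shell32.dll"},
    {"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe",  # OS writing its own dir
     "TargetFilename": "C:\\Windows\\System32\\LogFiles\\x.log"},
]

if __name__ == "__main__":
    for name, ev in triage(SAMPLE_EVENTS):
        where = ev.get("TargetFilename") or ev.get("TargetObject") or ev.get("ImageLoaded")
        print(f"{name}: {ev.get('Image')} -> {where}")
```

The ordering matters: the dropped set is filled by the EventID 11 records before the EventID 1 and 7 records that reference those paths arrive, which is why the check keeps state across the trace instead of evaluating each event in isolation. On a real host, confirm an autorun finding by reading the value back (the Details field in Sysmon gives the CLSID or command line written) and checking what file it resolves to.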
