General

  • Target

    cde557dcc7e6e18f9b14616a1cc0ec901d0bb2cf3ab3568108ca88ac8ab98651

  • Size

    93KB

  • Sample

    241221-fq6w3stpbk

  • MD5

    e02c2ca351edbf38e14125fc4e132cd1

  • SHA1

    87cd2c233a475cf07633c1902f2e6a58833ac99d

  • SHA256

    cde557dcc7e6e18f9b14616a1cc0ec901d0bb2cf3ab3568108ca88ac8ab98651

  • SHA512

    67d2dcd6528b208fb3e8c6db231b8e10b7d1bc9036a3b4fc5c3b927b0afc5e33fc27180b68c33b77fbb96b351b0045ac557a15896a84f9d06c5c50ea483d51c6

  • SSDEEP

    1536:gwhTpqKDAWfQCC3/e4O8Yhl7q1KcY1DaYfMZRWuLsV+1L:7zrtfQCCve4qxy9YgYfc0DV+1L

Malware Config

Extracted

Family

berbew

C2


Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Njrat family

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
