General

  • Target

    Backdoor.Win32.Berbew-c2b59caf57d505a4dee9a0b47aa88d47cab182373d986fb3661b5bdd454040feN

  • Size

    49KB

  • Sample

    240916-m2ys6steqn

  • MD5

    d10b2105dfb1a1676f22ac10941f40a0

  • SHA1

    faa63b7f799ed5de30f47e3be079f8d3745c965b

  • SHA256

    c2b59caf57d505a4dee9a0b47aa88d47cab182373d986fb3661b5bdd454040fe

  • SHA512

    7791084f5325f07e14a8e75216ca263bd56ad1acce7b2945969575091210666a206f0e592a9f51de4a02657e0670d53d7ca491d931a7a08109f50bfa1890d9dc

  • SSDEEP

    768:EjjicnZ4HQuQDeK2xpz5+nyh8SHuyH9G0MXA/1H532Xdnh:EnHZGADd2xpz5+nzSHuyH9G0IGy

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
