General

  • Target

    Backdoor.Win32.Berbew-20af40cbc3e69ab12d397585961f78969bc0aeadbf5adf698d01d992ad1180c6N

  • Size

    49KB

  • Sample

    240916-m3kb6stfjm

  • MD5

    328245cab0e355c369fb5736fefff350

  • SHA1

    800f9e776827af80c6589dac631830bb14deca78

  • SHA256

    20af40cbc3e69ab12d397585961f78969bc0aeadbf5adf698d01d992ad1180c6

  • SHA512

    afb34badc7ce19a4584b401251f6d01701c3cb52f81591f9e811a52f45c9bb4f6154180145aa6704b19c75130b3963098b7aa48d0d5f8381ecf2ef7fb004104d

  • SSDEEP

    768:EHfV4bK0JZKv3JMnV7R+DP2m8DfhxtMGtCt6wnuh//1H5BtH2Xdnh:EHfV4eD3CnV1+DHQthtCt6UaRu

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15