General

  • Target

    TrojanDownloader.Win32.Berbew.pz-445d14ec1865cb381c07997e03e23da2af6621d5717fe2ff005bdf422add02d0N

  • Size

    91KB

  • Sample

    240916-nkqlxavell

  • MD5

    ba4255ba5f38d8574d21dddcab79d3a0

  • SHA1

    9e5b5c7bfa99a70b482e9112ef9b1d12780f3f61

  • SHA256

    445d14ec1865cb381c07997e03e23da2af6621d5717fe2ff005bdf422add02d0

  • SHA512

    11870e078fd68b2e221f588d8405b0d03dcd5b19eede09d264dfb109959844b476345c7794217d84f2bb1174b06c88aae3f890a3a6eb1e0c2eec4e60547a2f8e

  • SSDEEP

    1536:7CjZ1YJviQYHpfgl3ssb/qjokgMeN+cFDDbVSF863MiN8Ut:2jZ6JtYHulXdkgdN7FDnVSF863Rt

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-445d14ec1865cb381c07997e03e23da2af6621d5717fe2ff005bdf422add02d0N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks