General

  • Target

    Backdoor.Win32.Berbew.pz1adf59c078c88d151d1736aafe71c3d5a45394c6bf95f595d52e8136628e1242N

  • Size

    91KB

  • Sample

    240916-r78yjstdqk

  • MD5

    fdfae3ec1ef8adfef85f1b1210349b90

  • SHA1

    7db7418e9160b2f1d04dcae43f4c339442891f8c

  • SHA256

    1adf59c078c88d151d1736aafe71c3d5a45394c6bf95f595d52e8136628e1242

  • SHA512

    53b4a1e0d98175cfa8655d3cb77410977c8c21fe8b23ccf6f5eb16ed7c83109ca79175722dfac5150df4886b6399f7dfd35b502c187118c30ed69f7f5e67dc0e

  • SSDEEP

    1536:C/nnLHkDyDJF5zla+NG1qcVqPJxwYKr2dG+eo1xC0GZFXUmSC2e3l:CfnLH5F/aeG1qcowBr24ho1mtye3l

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      Backdoor.Win32.Berbew.pz1adf59c078c88d151d1736aafe71c3d5a45394c6bf95f595d52e8136628e1242N

    • Size

      91KB

    • MD5

      fdfae3ec1ef8adfef85f1b1210349b90

    • SHA1

      7db7418e9160b2f1d04dcae43f4c339442891f8c

    • SHA256

      1adf59c078c88d151d1736aafe71c3d5a45394c6bf95f595d52e8136628e1242

    • SHA512

      53b4a1e0d98175cfa8655d3cb77410977c8c21fe8b23ccf6f5eb16ed7c83109ca79175722dfac5150df4886b6399f7dfd35b502c187118c30ed69f7f5e67dc0e

    • SSDEEP

      1536:C/nnLHkDyDJF5zla+NG1qcVqPJxwYKr2dG+eo1xC0GZFXUmSC2e3l:CfnLH5F/aeG1qcowBr24ho1mtye3l

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks