General

  • Target

    TrojanDownloader.Win32.Berbew.pz-693bc6bcebf237653a9282aa69bc8fa5f482bdb07be935729eb9a3108aa3d31bN

  • Size

    91KB

  • Sample

    240916-r7rn9stdnn

  • MD5

    b1e6cc74e50c386b038170e6824e8ee0

  • SHA1

    255216a65a31feb3edc4f0a4cdb41d0ede17e8a5

  • SHA256

    693bc6bcebf237653a9282aa69bc8fa5f482bdb07be935729eb9a3108aa3d31b

  • SHA512

    0180eb1313871c996bf1c96ae3c5e809cde9f1a257e9964e22c26da3ddcf208fbd727174e5be05b01dd7cf5ca31b042a1e068ef417d112b7d64c4d05aeaddc8a

  • SSDEEP

    1536:viPoN0JhBUjECIsbzcEE/I/4ikxDcPiCWzbXzjS8NkI:viHJhBIIsbzbAiccqCcTS3I

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks