General

  • Target

    TrojanDownloader.Win32.Berbew.pz-6f60ff89ae8b079d590e730a053a8ab7c3eba7cfbf3292d626c1a7fdf8cd2da4N

  • Size

    67KB

  • Sample

    240916-ry3p6ssgme

  • MD5

    081dc6462e18a3aa02399cafbde6d370

  • SHA1

    09b205c17dfd38a9777d8703951fde25927c054a

  • SHA256

    6f60ff89ae8b079d590e730a053a8ab7c3eba7cfbf3292d626c1a7fdf8cd2da4

  • SHA512

    53d802d772b4581431ad12232d9e05fda754d54976d55516fca4d9c914d6927301c8aa9f1f3919e871d424b7f18a7bf2375154ed88bd78dda571c3635bc2f770

  • SSDEEP

    1536:16Zjq2dNfKVtailCqpAsJifTduD4oTxw:1IeIvKpAsJibdMTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-6f60ff89ae8b079d590e730a053a8ab7c3eba7cfbf3292d626c1a7fdf8cd2da4N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15