General

  • Target

    Backdoor.Win32.Berbew.pz30f0434c80b11ba2f7e523196d14f2b919d5de1152d6e53d9b321d205383ab85N

  • Size

    91KB

  • Sample

    240916-scr7zstgjl

  • MD5

    fe4087f25998e0870b2c82d9fecf24c0

  • SHA1

    897770c1040afe9af55dbbc7dea817b084f06c08

  • SHA256

    30f0434c80b11ba2f7e523196d14f2b919d5de1152d6e53d9b321d205383ab85

  • SHA512

    5a7f8bd4bb69da6ae1dcebdaa3949075701407befac26f034113a7f4840c6420aa39290b100397394a98e0a3653524652e2822462cbfb9724181e7794875236f

  • SSDEEP

    1536:F+OxFFkZUPlFTcbeySmrMY7umizs+h55ia1dMbEGyRVfeDQtob1xS15UJy/vSGw:5jomFTcbeyt7uW+h55ia1dMbEGyBGMVo

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks