General

  • Target: 5f25b1b7a2f53e98d8b6cc56302cda30f88a0ddece198e191b70f986984759fdN
  • Size: 91KB
  • Sample: 240921-2k4enaxhqe
  • MD5: bd1a1374388b0b331aa5e972d70e5270
  • SHA1: 9c0d674b23308f1bcc3c0c134ca6c5c7336aada8
  • SHA256: 5f25b1b7a2f53e98d8b6cc56302cda30f88a0ddece198e191b70f986984759fd
  • SHA512: a193745fe5e1f7af735bc88066a4b1cbaa187dfc7835482b086b15a9623e8b7533f5463c5079b73c11675b97d202354c552daaf0603f08d2c3930151dd27674a
  • SSDEEP: 1536:UXd2e2j9uS6TOFtNWPz4FuYd6YMo5uSY6MVD0+Bza:UXd2ekrzWUv6i5uSIa

Malware Config

Extracted

  • Family: berbew
  • C2:
    • http://tat-neftbank.ru/kkq.php
    • http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
