General

  • Target

    b5904751a331d6b682a6d8b97b420e93567130f8ac5668ec6b62568c06cb26bfN

  • Size

    45KB

  • Sample

    240930-hqdawa1fjr

  • MD5

    24787b13e22e242cad5c747730403660

  • SHA1

    a4548af4c678ffef5fbdd358c6d546a7606f29aa

  • SHA256

    b5904751a331d6b682a6d8b97b420e93567130f8ac5668ec6b62568c06cb26bf

  • SHA512

    68b729043cdab61e44ec2b301482b1962a4d3977ca277004fa523cdc2288891cf7264077d558efdaa3b4e6eedf1697ed394f29c30a9195799e7195669a07d621

  • SSDEEP

    768:NSajMMACCGYhwfWjWEoirlQCDIKh6x4+z0Cy4B/1H5c:721wuZhvc26x4+z0CymK

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
