General

  • Target

    ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3N

  • Size

    63KB

  • Sample

    241013-t7t6hawgkg

  • MD5

    a266346aaa29ce3df5b377b080e17950

  • SHA1

    b6baadb5378bb4db955806c6cb3c5a7e3176c44a

  • SHA256

    ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3

  • SHA512

    2d0d1ac4af3a994fe1d0c3fcdc91897aa1eca4fd481f8a56d78bb32d6fcd55a36b8733323d598a2028377ef41340984198095bab3cb9c1780d6dff66184b3146

  • SSDEEP

    1536:eFeC0u9nPwlJlX/BwI4mNmA7e7Y3+V+En9rjDHE:eB0u1WHP+I45vY3o+k9DHE

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
