General

  • Target: d0fa03ffca140f8e7d52836c435e2cfaa7a659687994476024e28f6c70cf44f6N
  • Size: 64KB
  • Sample: 241031-b7htcswhlf
  • MD5: d2fe556013e7200a9bbbdef2b9d5c310
  • SHA1: ccdb70c4632d31e6588997d944d9731f0b8696e7
  • SHA256: d0fa03ffca140f8e7d52836c435e2cfaa7a659687994476024e28f6c70cf44f6
  • SHA512: 96ca518054c4361e4040feff8a8dd9b188c8daa34b8358681328ddcfc00c2ea17e7cd4099f2e8bd29d5d6bc4721f6d692cbc4191564524ae19cdf74f24bb6818
  • SSDEEP: 1536:SET6mcIUvptU4DrfUDB/r2h8AWysrPFW2iwTbWv:nFcIUvp3DrfUDklXAFW2VTbWv

Malware Config

Extracted

Family: berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks