General

  • Target

    cfc0277eb400053c7547f90b5e0faf45aa12f3e78bb94dbcf67a0d53faabadcdN

  • Size

    64KB

  • Sample

    241107-d3hznsxjfp

  • MD5

    7336e674cdc7edbf5b1b6dbe3871d760

  • SHA1

    5bbf9ed3ef958e691ff19378d1ec2f49d58dd8b5

  • SHA256

    cfc0277eb400053c7547f90b5e0faf45aa12f3e78bb94dbcf67a0d53faabadcd

  • SHA512

    c7928980c9698876222f7730b95342e02f19967ef50513a462ecda21dfab153794601114cdafb1a37d50a8af6350c33a7dbd68c3ed6a6871b42baaa668d29594

  • SSDEEP

    768:GJwctL93JiHXUGGgeb/JGIaKbVczJukzG3OT9a/1H54FYZqKA2kms8Y/ts/9d2Nm:8Z3AX5GxYOMJ7aO9gWyIrPFW2iwTbWv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      cfc0277eb400053c7547f90b5e0faf45aa12f3e78bb94dbcf67a0d53faabadcdN

    • Size

      64KB

    • MD5

      7336e674cdc7edbf5b1b6dbe3871d760

    • SHA1

      5bbf9ed3ef958e691ff19378d1ec2f49d58dd8b5

    • SHA256

      cfc0277eb400053c7547f90b5e0faf45aa12f3e78bb94dbcf67a0d53faabadcd

    • SHA512

      c7928980c9698876222f7730b95342e02f19967ef50513a462ecda21dfab153794601114cdafb1a37d50a8af6350c33a7dbd68c3ed6a6871b42baaa668d29594

    • SSDEEP

      768:GJwctL93JiHXUGGgeb/JGIaKbVczJukzG3OT9a/1H54FYZqKA2kms8Y/ts/9d2Nm:8Z3AX5GxYOMJ7aO9gWyIrPFW2iwTbWv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
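The hashes and C2 URLs above are the indicators a responder would actually hunt with. The script below is an added example, not part of the sandbox report: it takes the report's MD5/SHA1/SHA256 and the two C2 URLs verbatim, hashes files under a directory to find copies of the sample, and matches proxy log lines against the C2 host and the exact beacon paths. The log format (Squid-style access log), the sample log lines, and the function names are constructed for illustration and are not from the report.

```python
"""IOC matcher for the Berbew sample in the report above.

Added example, not the sandbox's or the malware author's code. The hashes and
C2 URLs are copied from the report; the log format, sample log lines and
function names are constructed assumptions for illustration.
"""
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# Indicators copied from the report.
IOC_MD5 = "7336e674cdc7edbf5b1b6dbe3871d760"
IOC_SHA1 = "5bbf9ed3ef958e691ff19378d1ec2f49d58dd8b5"
IOC_SHA256 = "cfc0277eb400053c7547f90b5e0faf45aa12f3e78bb94dbcf67a0d53faabadcd"
IOC_C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
IOC_C2_HOSTS = {urlsplit(u).hostname for u in IOC_C2_URLS}
IOC_C2_PATHS = {urlsplit(u).path for u in IOC_C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the reported sample (all three digests must agree)."""
    h = hash_bytes(data)
    return h["sha256"] == IOC_SHA256 and h["md5"] == IOC_MD5 and h["sha1"] == IOC_SHA1


def scan_directory(root: str) -> list:
    """Walk a directory tree and return paths whose contents match the sample hashes."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            try:
                if matches_sample(p.read_bytes()):
                    hits.append(str(p))
            except OSError:
                pass  # unreadable file: skip it rather than abort the sweep
    return hits


# Assumed Squid-style access log: "<ts> <elapsed> <client> <code> <bytes> <method> <url> ..."
LOG_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def find_c2_hits(log_lines) -> list:
    """Return (client, url, reason) for every request to the C2 host.

    'exact C2 URL' means the path is one of the two beacon paths from the
    report; any other path on the same host is still reported, since the
    host itself is the stronger indicator.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT lines carry "host:port" without a scheme; normalise so urlsplit parses them.
        parts = urlsplit(url if "://" in url else "http://" + url)
        if parts.hostname is None or parts.hostname.lower() not in IOC_C2_HOSTS:
            continue
        reason = "exact C2 URL" if parts.path in IOC_C2_PATHS else "C2 host, other path"
        hits.append((m.group("client"), url, reason))
    return hits


# Constructed log lines for demonstration (not from the report).
SAMPLE_LOG = [
    "1730960000.123    45 10.0.0.12 TCP_MISS/200 512 GET http://tat-neftbank.ru/kkq.php - HIER_DIRECT/203.0.113.7 text/html",
    "1730960001.456    12 10.0.0.12 TCP_MISS/200 2048 GET http://tat-neftbank.ru/wcmd.htm - HIER_DIRECT/203.0.113.7 text/html",
    "1730960002.789    30 10.0.0.15 TCP_MISS/404 300 GET http://tat-neftbank.ru/favicon.ico - HIER_DIRECT/203.0.113.7 text/html",
    "1730960003.000    20 10.0.0.20 TCP_MISS/200 700 GET http://example.org/index.html - HIER_DIRECT/198.51.100.1 text/html",
]

if __name__ == "__main__":
    for client, url, reason in find_c2_hits(SAMPLE_LOG):
        print(f"{client} -> {url} ({reason})")
```

Matching on all three digests guards against a typo in any one of them; for a file sweep on a live host, the SHA256 alone is sufficient. The 64KB size from the report can be used as a cheap pre-filter before hashing if the sweep covers many files.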

MITRE ATT&CK Enterprise v15

Tasks