General

  • Target: 9cedf4fd20dbc98db00f754d03ff022bd1b8c2d59f403051faf32466d32b9095N
  • Size: 512KB
  • Sample: 241107-e9hsxsxreq
  • MD5: be63d509f195ccc387c76082bee1c070
  • SHA1: 3d789d4c49e4f81e56bdef8a17dd46af23912f05
  • SHA256: 9cedf4fd20dbc98db00f754d03ff022bd1b8c2d59f403051faf32466d32b9095
  • SHA512: b537d7c882335a26df7e9cbf20fe38183c15eed98eb729e35063c8767af1332878b2e3fd581a9351f8485b972f0a8f2e8f272aec58c9e110182c931b46ba1659
  • SSDEEP: 6144:GpwcPUZ55tTDUZNSN58VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:OU55t6NSN6G5t1sI5yl48pArv8o4L

Malware Config

Extracted

Family: berbew

C2:

  • http://tat-neftbank.ru/kkq.php
  • http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 9cedf4fd20dbc98db00f754d03ff022bd1b8c2d59f403051faf32466d32b9095N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks