General

  • Target

    d3e73c29d2aea8bd596dd993ad30d8487fbf4e790feaac9fced620b3219ed29bN

  • Size

    64KB

  • Sample

    241107-eabkkatpay

  • MD5

    c90dfe148a79fb817b970f1bb6b3f2b0

  • SHA1

    16f3079dda03ab159349b04d241eb33f6c12a39e

  • SHA256

    d3e73c29d2aea8bd596dd993ad30d8487fbf4e790feaac9fced620b3219ed29b

  • SHA512

    0e0f23231ff514fae3a6535176b1a49afb8e5f3597aaf8220c0873f6286b14dd8f1f4f5e288b11ccd31f3f34ef5af566d96c08fd710485351f68421b932edf0a

  • SSDEEP

    768:82KFhnAKJS4kZEZeMHOzGtqDDvLFMIPIbXydsqyavM/AQI0xx2/1H5B6XJ1IwEGQ:i6COWLydLyaUIXOXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      d3e73c29d2aea8bd596dd993ad30d8487fbf4e790feaac9fced620b3219ed29bN

    • Size

      64KB

    • MD5

      c90dfe148a79fb817b970f1bb6b3f2b0

    • SHA1

      16f3079dda03ab159349b04d241eb33f6c12a39e

    • SHA256

      d3e73c29d2aea8bd596dd993ad30d8487fbf4e790feaac9fced620b3219ed29b

    • SHA512

      0e0f23231ff514fae3a6535176b1a49afb8e5f3597aaf8220c0873f6286b14dd8f1f4f5e288b11ccd31f3f34ef5af566d96c08fd710485351f68421b932edf0a

    • SSDEEP

      768:82KFhnAKJS4kZEZeMHOzGtqDDvLFMIPIbXydsqyavM/AQI0xx2/1H5B6XJ1IwEGQ:i6COWLydLyaUIXOXUwXfzwv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks