General

  • Target: bcf7c4f31f76cc0b54d0b88608150d0122a089cba13dc3bea768ab27b300e77f
  • Size: 91KB
  • Sample: 241107-ec26asxlej
  • MD5: 741c34a0e7b5f0e74b7fe5ebb7913334
  • SHA1: 689255d08eb30255bb478aa36f4fcef46b267e7e
  • SHA256: bcf7c4f31f76cc0b54d0b88608150d0122a089cba13dc3bea768ab27b300e77f
  • SHA512: bfda6d5d9edddf51f9c43ef34b80462c5a90e32b6ee57ee6d9b31a1005e9d67df26d079ad58d4b784062b57d7afbc9d57eec78fb45a54dbdee74f9c799d1c90d
  • SSDEEP: 1536:J0mzVMdy6CuWAU/zW4OSsfEX8QQlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXS:WmxMQHuWAIzW4IRlLBsLnVUUHyNwtN4e

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks