General

  • Target

    016da3249793093d98c4af04c1e2ce79bccd53292d1c8f4c75a805d13cc784f3N

  • Size

    64KB

  • Sample

    241107-eh8v2atqdx

  • MD5

    534fb8d891f1ebd1a5944e3d4eb76ea0

  • SHA1

    b5f1a0e3e8951b7c96eefea69491885e68f529f5

  • SHA256

    016da3249793093d98c4af04c1e2ce79bccd53292d1c8f4c75a805d13cc784f3

  • SHA512

    7fb78d0c505430c06a34d8ab75254730cdc54f237d6bca95ade924806d0757bf39717dc14303b210337e702f793b7a2b11b38e4372b7f813d36d05e5b60d3a2f

  • SSDEEP

    1536:h6KdqtiihzOEgZ5YVgd4zFpPWyAgrPFW2iwTbWv:h6YqsihzOEgQXPFW2VTbWv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      016da3249793093d98c4af04c1e2ce79bccd53292d1c8f4c75a805d13cc784f3N

    • Size

      64KB

    • MD5

      534fb8d891f1ebd1a5944e3d4eb76ea0

    • SHA1

      b5f1a0e3e8951b7c96eefea69491885e68f529f5

    • SHA256

      016da3249793093d98c4af04c1e2ce79bccd53292d1c8f4c75a805d13cc784f3

    • SHA512

      7fb78d0c505430c06a34d8ab75254730cdc54f237d6bca95ade924806d0757bf39717dc14303b210337e702f793b7a2b11b38e4372b7f813d36d05e5b60d3a2f

    • SSDEEP

      1536:h6KdqtiihzOEgZ5YVgd4zFpPWyAgrPFW2iwTbWv:h6YqsihzOEgQXPFW2VTbWv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks