General

  • Target

    ad0e15162d19f91b4bfafcd84ec393aa9760ee55eb5543325d36a244f33fd455N

  • Size

    91KB

  • Sample

    241107-entnastrbz

  • MD5

    659cc94399baa670d15c66cd2517ec10

  • SHA1

    bbe26f52453b7a7e8953094d9bae73b35e50a830

  • SHA256

    ad0e15162d19f91b4bfafcd84ec393aa9760ee55eb5543325d36a244f33fd455

  • SHA512

    2879eb41c2520d709ff5feb7f62fe06ef1f93aa16629413dc76bbbcf20c9479c3ef7141b201278b3166cb4e4050565b8651721e85dccc4f7ac56a893f720a427

  • SSDEEP

    1536:jeJGANURa/bJdLWb2lLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45J:je8Ra9NWalLBsLnVUUHyNwtN4/nEBlMS

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ad0e15162d19f91b4bfafcd84ec393aa9760ee55eb5543325d36a244f33fd455N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks