General

  • Target

    caea0801b8fbaba6fe61c3ada589f15542fbb757a0a652d799af8e7c66cb1448N

  • Size

    345KB

  • Sample

    241107-enw4eswamq

  • MD5

    905a5528f3b6ab7d6c2567a5bfbae160

  • SHA1

    08f85975df216e750f7256e64981da4b6c839c27

  • SHA256

    caea0801b8fbaba6fe61c3ada589f15542fbb757a0a652d799af8e7c66cb1448

  • SHA512

    235dc3aec4259d8b18280f264155ccd28bb77b0e23e13041a3208a44aa4ebc4cef80bb0584c2803da6584cca5cc847f2899d4272f06d5bb15b1ca1743e414ad5

  • SSDEEP

    6144:A4+U4U3JdJCMaB4muz14QaYgTt+scaHACw6Ykw/a8dWBtp27DpomqcPMwNFN6aea:D94P1uznghoaHACwBkka8eGp7dPRr6af

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
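The two C2 URLs above are the most directly actionable indicators in this report. The following is an added example, not part of the sandbox output, that sweeps web-proxy logs for them. The log lines are constructed in a Squid-like layout (timestamp, client, method, URL, status) purely to exercise the matcher; only the two C2 URLs come from the report. It matches on host as well as on full URL, because a client that reaches the domain on a different path, or tunnels to it with CONNECT, is still worth a look, and it anchors subdomain matching on a dot so that look-alike domains ending in the same string are not counted.

```python
"""Sweep web-proxy logs for the Berbew C2 URLs listed in this report.

Added example (not part of the sandbox report). SAMPLE_LOG is constructed;
only C2_URLS is taken from the report's Malware Config section.
"""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Constructed sample log lines: timestamp client method url status.
SAMPLE_LOG = """\
1730980000.123 192.168.1.23 GET http://tat-neftbank.ru/kkq.php 200
1730980001.456 192.168.1.23 GET http://www.tat-neftbank.ru/wcmd.htm 404
1730980002.789 192.168.1.40 GET http://example.com/index.html 200
1730980003.001 192.168.1.23 CONNECT tat-neftbank.ru:443 200
1730980004.500 192.168.1.41 GET http://nottat-neftbank.ru/kkq.php 200
"""


def build_indicators(urls):
    """Split C2 URLs into the set of hosts and the set of (host, path) pairs."""
    hosts, url_pairs = set(), set()
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname.lower()
        hosts.add(host)
        url_pairs.add((host, parts.path))
    return hosts, url_pairs


def matching_host(observed, hosts):
    """Return the indicator host that `observed` equals or is a subdomain of, else None.

    The leading dot in the endswith() check is what stops 'nottat-neftbank.ru'
    from matching 'tat-neftbank.ru'.
    """
    observed = observed.lower().rstrip(".")
    for h in hosts:
        if observed == h or observed.endswith("." + h):
            return h
    return None


def parse_line(line):
    """Parse one constructed log line into a dict; CONNECT lines carry host:port, no path."""
    ts, client, method, url, status = line.split()
    if method == "CONNECT":
        host, path = url.rsplit(":", 1)[0], None
    else:
        parts = urlsplit(url)
        host, path = parts.hostname, parts.path
    return {"ts": ts, "client": client, "method": method,
            "host": host, "path": path, "status": status}


def scan_proxy_log(text, urls=C2_URLS):
    """Return one hit per log line that touches a C2 host.

    kind == "c2_url"  : host and path match an extracted C2 URL exactly
    kind == "c2_host" : the C2 domain (or a subdomain) was contacted on another path/port
    """
    hosts, url_pairs = build_indicators(urls)
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if matching_host(rec["host"], hosts) is None:
            continue
        exact = (rec["host"].lower(), rec["path"]) in url_pairs
        hits.append({"line": n, "client": rec["client"], "host": rec["host"],
                     "path": rec["path"], "status": rec["status"],
                     "kind": "c2_url" if exact else "c2_host"})
    return hits


def affected_clients(hits):
    """Distinct client addresses that contacted the C2 infrastructure."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h)
    print("clients to triage:", affected_clients(found))
```

Note that the 404 on the second line is still a hit: the host in this report may have been taken down or sinkholed since the sample was analysed, and a failed beacon is evidence of an infected client, not of a clean one.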

Targets

    • Target

      caea0801b8fbaba6fe61c3ada589f15542fbb757a0a652d799af8e7c66cb1448N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
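The four behaviour signatures above are individually weak (plenty of installers drop files into System32 and run them); what makes them Berbew-like is the chain: drop an EXE and a DLL into System32, execute the EXE, and register the DLL so Explorer loads it at every logon. The following is an added example, not part of the sandbox report, that rebuilds those signatures from Sysmon-style events and joins them into that chain. The events are constructed, and every file name, CLSID and process path in them is hypothetical. It also assumes that the "loaded by Explorer.exe on startup" signature is keyed on the ShellServiceObjectDelayLoad registry key, whose CLSID values Explorer instantiates at logon through their InprocServer32 DLL; the report itself does not name the key.

```python
"""Rebuild this report's behaviour signatures from Sysmon-style events.

Added example, not part of the sandbox report. EVENTS is constructed and every
path/CLSID in it is hypothetical. Assumption: the Explorer autorun signature
is keyed on the ShellServiceObjectDelayLoad key (SSODL), whose values hold
CLSIDs that Explorer instantiates at logon via their InprocServer32 DLL.
"""
import re

SYSTEM32 = "c:\\windows\\system32\\"
SSODL = "\\software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\"
INPROC = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32", re.I)

# Constructed Sysmon-like events (EventID 1 ProcessCreate, 7 ImageLoad,
# 11 FileCreate, 13 RegistryEvent value set). All names below are hypothetical.
SAMPLE = "C:\\Users\\victim\\Desktop\\sample.exe"
DROP_EXE = "C:\\Windows\\System32\\Hypoth.exe"
DROP_DLL = "C:\\Windows\\System32\\Hypoth.dll"
CLSID = "{00000000-1111-2222-3333-444444444444}"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_DLL},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                     "ShellServiceObjectDelayLoad\\Hypothetical Logger",
     "Details": CLSID},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": "HKLM\\SOFTWARE\\Classes\\CLSID\\" + CLSID + "\\InprocServer32\\(Default)",
     "Details": DROP_DLL},
    {"EventID": 1, "Image": DROP_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": DROP_DLL},
]


def _n(path):
    """Case-fold a Windows path for comparison."""
    return path.lower()


def reconstruct_signatures(events):
    """Map raw events onto the report's signature names; returns {signature: evidence}."""
    dropped = set()  # files created during the run, matched against later exec/load events
    sigs = {"drops_file_in_system32": [], "executes_dropped_exe": [],
            "loads_dropped_dll": [], "adds_explorer_autorun_key": []}
    ssodl_values, inproc_servers = [], {}
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(_n(path))
            if _n(path).startswith(SYSTEM32):
                sigs["drops_file_in_system32"].append(path)
        elif eid == 1 and _n(ev["Image"]) in dropped:
            sigs["executes_dropped_exe"].append(ev["Image"])
        elif eid == 7:
            lib = ev["ImageLoaded"]
            if _n(lib) in dropped and _n(lib).endswith(".dll"):
                sigs["loads_dropped_dll"].append(lib)
        elif eid == 13:
            target = ev["TargetObject"]
            if SSODL in _n(target):
                # value name is the last key component; its data is the CLSID
                ssodl_values.append((target.rsplit("\\", 1)[1], ev["Details"].upper()))
            m = INPROC.search(target)
            if m:
                inproc_servers[m.group(1).upper()] = ev["Details"]
    # Join each SSODL value (a CLSID) with the DLL registered as that CLSID's server.
    for value_name, clsid in ssodl_values:
        server = inproc_servers.get(clsid)
        sigs["adds_explorer_autorun_key"].append({
            "value": value_name, "clsid": clsid, "server": server,
            "server_was_dropped": server is not None and _n(server) in dropped})
    return sigs


if __name__ == "__main__":
    for name, evidence in reconstruct_signatures(EVENTS).items():
        print(f"{name}: {evidence}")
```

The `server_was_dropped` flag is the check worth alerting on: an SSODL entry whose InprocServer32 points at a DLL that was written to disk moments earlier by the same process is persistence, whereas an SSODL entry on its own may be a legitimate shell extension.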

MITRE ATT&CK Enterprise v15

Tasks