General

  • Target

    c5dd51e6ad8e5b4a0add0e09860b98b721f45fe299740b645cb5f55951f0aab1

  • Size

    69KB

  • Sample

    241107-er876avgnh

  • MD5

    5c685f8a50e2e41bf72ba3cd6937300d

  • SHA1

    26fe9c32965e546f33543978e36255a74a096587

  • SHA256

    c5dd51e6ad8e5b4a0add0e09860b98b721f45fe299740b645cb5f55951f0aab1

  • SHA512

    b8ed7822f6ac89bb94541bb311dfa3125ab617f6202d9b449ecc6082faf10e8c24c67dbf61c61782939a742dce1d604a281611d85387edffa9d2ee62cde30f33

  • SSDEEP

    1536:0+OG0HZFyJqn000000000000007Q2H5fZlNein/GFZCeDAyY:sG07yE00000000000000M2H5f/NFn/G2

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c5dd51e6ad8e5b4a0add0e09860b98b721f45fe299740b645cb5f55951f0aab1

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15