General

  • Target: 0e6f3db80768b43770b8f2cee75b29b0411b88e448747a50e8cb743b8da5fe11N
  • Size: 250KB
  • Sample: 241107-erpthsxpal
  • MD5: c1683393814c74744134f077d9c3cf50
  • SHA1: 51f2b48d934108b714982c8e50d6b0afd228ffc4
  • SHA256: 0e6f3db80768b43770b8f2cee75b29b0411b88e448747a50e8cb743b8da5fe11
  • SHA512: 34ade6b5c18a82ffe2759eacb0b13e7260a1ea47b4ba5c14a223ae52e285f2cbb9f9ea2052bea7a151bfeb10cfcb42cdf9aa05656744896c5c7bc5f3c52a810a
  • SSDEEP: 6144:F4UHZtL2b2vCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:eUZta7

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 0e6f3db80768b43770b8f2cee75b29b0411b88e448747a50e8cb743b8da5fe11N
    • Size: 250KB
    • MD5: c1683393814c74744134f077d9c3cf50
    • SHA1: 51f2b48d934108b714982c8e50d6b0afd228ffc4
    • SHA256: 0e6f3db80768b43770b8f2cee75b29b0411b88e448747a50e8cb743b8da5fe11
    • SHA512: 34ade6b5c18a82ffe2759eacb0b13e7260a1ea47b4ba5c14a223ae52e285f2cbb9f9ea2052bea7a151bfeb10cfcb42cdf9aa05656744896c5c7bc5f3c52a810a
    • SSDEEP: 6144:F4UHZtL2b2vCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:eUZta7

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks