General

  • Target

    b1a6074874d473648e0dfcbfc1f73b7e93fdb72bc78aacbdf2113d2ef9e1f43aN

  • Size

    362KB

  • Sample

    241107-fa359awdrk

  • MD5

    f593213e5ca1c971cdcf62ac7bbd2050

  • SHA1

    7f8851671affe781ddbddfb7204bb8c87a1fca03

  • SHA256

    b1a6074874d473648e0dfcbfc1f73b7e93fdb72bc78aacbdf2113d2ef9e1f43a

  • SHA512

    49cecb7fdfa30635f2d60504d3f667472c008a595c5e02145e907afca49b996665a77bcb0cca373e67991e4631f087e41ee11632c33240197026e848087e9e0d

  • SSDEEP

    6144:vPuDi5tTtk52umf5tTR8Y/j5tTtk52umf5tTB:vmm5txZ5tNzL5txZ5tN
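
Before spending analysis time on a sample pulled from a sharing feed, confirm it is the object this report describes. The script below is an added example, not part of the report or of the sandbox's tooling: it streams a file once through all four hash algorithms listed above, compares the digests with the reported values (copied from this page), and parses the SSDEEP string into its block size and two chunk signatures. Only the format of the SSDEEP value is checked; comparing fuzzy hashes needs the ssdeep library itself.

```python
"""Verify a retrieved sample against the hashes in the report above.

Added example (not part of the report): computes MD5, SHA-1, SHA-256 and
SHA-512 in one streaming pass, compares them with the reported values, and
parses the ssdeep string into its block size and two chunk signatures.
"""
import hashlib
import sys

# Values copied from the General section of the report.
REPORTED = {
    "md5": "f593213e5ca1c971cdcf62ac7bbd2050",
    "sha1": "7f8851671affe781ddbddfb7204bb8c87a1fca03",
    "sha256": "b1a6074874d473648e0dfcbfc1f73b7e93fdb72bc78aacbdf2113d2ef9e1f43a",
    "sha512": "49cecb7fdfa30635f2d60504d3f667472c008a595c5e02145e907afca49b9966"
              "65a77bcb0cca373e67991e4631f087e41ee11632c33240197026e848087e9e0d",
}
REPORTED_SSDEEP = "6144:vPuDi5tTtk52umf5tTR8Y/j5tTtk52umf5tTB:vmm5txZ5tNzL5txZ5tN"


def multi_hash(stream, chunk_size=1 << 20):
    """Read the stream once and feed every chunk to all four hashers.

    Returns (byte_count, {algo: hexdigest}). Streaming keeps memory flat for
    large samples and avoids re-reading the file once per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(computed, reported):
    """Case-insensitive match per algorithm; a missing algorithm counts as a mismatch."""
    return {algo: computed.get(algo, "").lower() == value.lower()
            for algo, value in reported.items()}


def parse_ssdeep(signature):
    """Split 'blocksize:chunk_hash:double_chunk_hash' and validate the block size.

    ssdeep block sizes are 3 * 2**n, so 6144 (= 3 * 2**11) is valid while
    4000 is not. The two chunk signatures can only be compared with the ssdeep
    library itself; this just checks the format before handing them on.
    """
    parts = signature.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    block_size = int(parts[0])
    multiplier = block_size // 3
    if block_size < 3 or block_size % 3 or multiplier & (multiplier - 1):
        raise ValueError(f"invalid ssdeep block size {block_size}")
    return block_size, parts[1], parts[2]


def verify_file(path, reported=REPORTED):
    """Hash the file at path and report which of the reported digests match."""
    with open(path, "rb") as f:
        size, digests = multi_hash(f)
    return size, compare_hashes(digests, reported)


if __name__ == "__main__":
    size, matches = verify_file(sys.argv[1])
    print(f"{size} bytes; ssdeep block size {parse_ssdeep(REPORTED_SSDEEP)[0]}")
    for algo, ok in matches.items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(matches.values()) else 1)
```

Run it as `python verify.py <sample>`; a non-zero exit means at least one digest differs, which usually means the feed handed over a repacked or truncated copy rather than the object analysed here.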

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b1a6074874d473648e0dfcbfc1f73b7e93fdb72bc78aacbdf2113d2ef9e1f43aN

    • Size

      362KB

    • MD5

      f593213e5ca1c971cdcf62ac7bbd2050

    • SHA1

      7f8851671affe781ddbddfb7204bb8c87a1fca03

    • SHA256

      b1a6074874d473648e0dfcbfc1f73b7e93fdb72bc78aacbdf2113d2ef9e1f43a

    • SHA512

      49cecb7fdfa30635f2d60504d3f667472c008a595c5e02145e907afca49b996665a77bcb0cca373e67991e4631f087e41ee11632c33240197026e848087e9e0d

    • SSDEEP

      6144:vPuDi5tTtk52umf5tTR8Y/j5tTtk52umf5tTB:vmm5txZ5tNzL5txZ5tN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
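
The behaviour tags above and the C2 URLs in the Malware Config section translate directly into endpoint detection logic. The script below is an added example, not the sandbox's signature code: it replays a constructed Sysmon-style event trace through rules that mirror each tag, tracking which paths the sample wrote so that "executes dropped EXE" and "loads dropped DLL" only fire for files created earlier in the same trace, and matching DNS queries and connections against the host extracted from the two C2 URLs. The report does not name the registry location behind "Adds autorun key to be loaded by Explorer.exe on startup"; treating ShellServiceObjectDelayLoad and Winlogon\Shell as that location is an assumption of this example. All event contents, including the dropped file names, are made up.

```python
"""Replay Sysmon-style endpoint events through rules that mirror the report's
behaviour tags and its C2 indicators.

Added example, not output of the sandbox: the events below are constructed.
Sysmon event IDs used: 1 process create, 3 network connect, 7 image load,
11 file create, 13 registry value set, 22 DNS query. Which registry locations
count as "loaded by Explorer.exe on startup" is an assumption about the tag;
ShellServiceObjectDelayLoad and Winlogon\\Shell are the usual ones.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# C2 URLs from the Malware Config section; only the host is needed here.
C2_URLS = ["http://tat-neftbank.ru/kkq.php", "http://tat-neftbank.ru/wcmd.htm"]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}

SYSTEM32 = "c:\\windows\\system32\\"
EXPLORER_AUTORUN_KEYS = (  # assumed meaning of the "autorun key ... Explorer.exe" tag
    "\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\",
    "\\microsoft\\windows nt\\currentversion\\winlogon\\shell",
)

TAG_SYSTEM32 = "Drops file in System32 directory"
TAG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
TAG_EXEC = "Executes dropped EXE"
TAG_DLL = "Loads dropped DLL"
TAG_C2 = "Contacts C2 host"


def evaluate(events, c2_hosts=C2_HOSTS):
    """Return {tag: [matching events]} after a single ordered pass.

    "dropped" holds paths written earlier in the same trace (EID 11), so a
    later execution or image load of such a path is flagged while
    pre-existing binaries like notepad.exe or shell32.dll are not.
    """
    dropped = set()
    hits = defaultdict(list)
    for e in events:
        eid = e["id"]
        if eid == 11:
            target = e["target"].lower()
            dropped.add(target)
            if target.startswith(SYSTEM32):
                hits[TAG_SYSTEM32].append(e)
        elif eid == 13:
            if any(k in e["target"].lower() for k in EXPLORER_AUTORUN_KEYS):
                hits[TAG_AUTORUN].append(e)
        elif eid == 1 and e["image"].lower() in dropped:
            hits[TAG_EXEC].append(e)
        elif eid == 7 and e["loaded"].lower() in dropped:
            hits[TAG_DLL].append(e)
        elif eid == 22 and e["query"].lower().rstrip(".") in c2_hosts:
            hits[TAG_C2].append(e)
        elif eid == 3 and e.get("dest_host", "").lower() in c2_hosts:
            hits[TAG_C2].append(e)
    return dict(hits)


def fired(events, c2_hosts=C2_HOSTS):
    """Sorted list of tag names that matched, for a one-line verdict."""
    return sorted(evaluate(events, c2_hosts))


# Constructed trace (not from the report): a user-directory sample drops an
# EXE and a DLL into System32, registers the DLL under an Explorer-loaded
# key, runs the EXE, and Explorer resolves the C2 host. Benign events are
# mixed in to show what the rules deliberately do not match.
SAMPLE = "C:\\Users\\u\\Downloads\\sample.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": SAMPLE, "target": "C:\\Windows\\System32\\dropped1.exe"},
    {"id": 11, "image": SAMPLE, "target": "C:\\Windows\\System32\\dropped1.dll"},
    {"id": 13, "image": SAMPLE, "details": "{00000000-0000-0000-0000-000000000001}",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Web Event Logger"},
    {"id": 13, "image": "C:\\Program Files\\Vendor\\setup.exe",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "details": "..."},
    {"id": 1, "image": "C:\\Windows\\System32\\dropped1.exe", "parent": SAMPLE},
    {"id": 1, "image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\explorer.exe"},
    {"id": 7, "image": "C:\\Windows\\explorer.exe", "loaded": "C:\\Windows\\System32\\shell32.dll"},
    {"id": 7, "image": "C:\\Windows\\explorer.exe", "loaded": "C:\\Windows\\System32\\DROPPED1.DLL"},
    {"id": 22, "image": "C:\\Windows\\explorer.exe", "query": "example.com"},
    {"id": 22, "image": "C:\\Windows\\explorer.exe", "query": "tat-neftbank.ru."},
]

if __name__ == "__main__":
    for tag, matched in evaluate(SAMPLE_EVENTS).items():
        print(f"{tag}: {len(matched)} event(s)")
```

The same rules port to a SIEM query without change in logic; the one part that cannot be expressed statelessly is the dropped-path set, which is why a per-process timeline (or a join on the file-create event) is needed to distinguish "executes dropped EXE" from any ordinary process start in System32.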

MITRE ATT&CK Enterprise v15

Tasks