General

  • Target

    85bf728e9721a194305c3ac39c2e0c2ac1e9ff712a07c192a05619c656e7f93cN

  • Size

    52KB

  • Sample

    241107-hdeceaznbl

  • MD5

    fc12f40edbf1be4e129fcd9ac40402a0

  • SHA1

    71911b411247dc8e9964cf2d9249d47e2fa95287

  • SHA256

    85bf728e9721a194305c3ac39c2e0c2ac1e9ff712a07c192a05619c656e7f93c

  • SHA512

    ebb97f15dfa62ad52049f4bb50ce3a4794f0605c60938bbde5779ac2c663a21f7b910dbac363c2a030907ac4294e148baee26689af18eebde741ff309413f915

  • SSDEEP

    1536:abjjX0+1naHozgXzOeP00bB8qaQUSCMAdKZ:KjXVOmBQUlMRZ

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      85bf728e9721a194305c3ac39c2e0c2ac1e9ff712a07c192a05619c656e7f93cN

    • Size

      52KB

    • MD5

      fc12f40edbf1be4e129fcd9ac40402a0

    • SHA1

      71911b411247dc8e9964cf2d9249d47e2fa95287

    • SHA256

      85bf728e9721a194305c3ac39c2e0c2ac1e9ff712a07c192a05619c656e7f93c

    • SHA512

      ebb97f15dfa62ad52049f4bb50ce3a4794f0605c60938bbde5779ac2c663a21f7b910dbac363c2a030907ac4294e148baee26689af18eebde741ff309413f915

    • SSDEEP

      1536:abjjX0+1naHozgXzOeP00bB8qaQUSCMAdKZ:KjXVOmBQUlMRZ

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks