General

  • Target

    b07ff20e4964ef3877e5b7cabaee79684337a93e49f6bab02538877c69539a9aN

  • Size

    91KB

  • Sample

    241107-hdnabaxemg

  • MD5

    262e90c365d06dd67621558fff115fe0

  • SHA1

    a58a1bf66c42ab71604be16cfc992bab32054f1d

  • SHA256

    b07ff20e4964ef3877e5b7cabaee79684337a93e49f6bab02538877c69539a9a

  • SHA512

    db928350a7d456ccb7a37da6b4cd4c18114972a8d53ee997b78cfda37e1d8e51f5aae7d7081752948a3e2740788be085832129c26607a59de2ca3dba97738f43

  • SSDEEP

    1536:hM8U/BDX8koQfBu3LGxORxXk21ObQwkBqlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaJ:hpUSo2olBlLBsLnVUUHyNwtN4/nEBlMS

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
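The hashes in the General section and the two C2 URLs above are the indicators a responder would actually pivot on. The following Python script is an added example, not part of the sandbox report: it recomputes the four digests the report lists so a file on disk can be checked against them, and it matches a proxy log against the C2 host and paths. The hash values and URLs are copied from the report; the log line format and the sample log lines are constructed here for illustration and are not from the report.

```python
"""IOC matcher for the Berbew sample described in this report.

Added example (not part of the sandbox report). Hash values and C2 URLs are
taken from the report; the proxy log format and the SAMPLE_LOG lines below
are constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "262e90c365d06dd67621558fff115fe0",
    "sha1": "a58a1bf66c42ab71604be16cfc992bab32054f1d",
    "sha256": "b07ff20e4964ef3877e5b7cabaee79684337a93e49f6bab02538877c69539a9a",
    "sha512": "db928350a7d456ccb7a37da6b4cd4c18114972a8d53ee997b78cfda37e1d8e51f5aae7d7081752948a3e2740788be085832129c26607a59de2ca3dba97738f43",
}

# C2 URLs extracted from the sample's configuration, as listed in the report.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for the given content."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> list:
    """Return the names of the report digests that match `data` (empty if none).

    A match on sha256 or sha512 is the one to trust; md5 and sha1 are kept only
    because threat feeds still publish them.
    """
    computed = hash_bytes(data)
    return [name for name, value in REPORT_HASHES.items()
            if computed[name] == value.lower()]


def check_file(path: str) -> list:
    """Hash a file on disk and report which of the listed digests it matches."""
    with open(path, "rb") as fh:
        return matches_report(fh.read())


def c2_indicators(urls) -> tuple:
    """Split C2 URLs into a host set and a (host, path) set for log matching."""
    hosts, host_paths = set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        hosts.add(host)
        host_paths.add((host, parts.path))
    return hosts, host_paths


# Assumed proxy log layout (constructed): "<timestamp> <client> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines, urls=C2_URLS) -> list:
    """Return (client, url, level) for every log line that touches a C2 indicator.

    level is "exact" when host and path both match a configured C2 URL and
    "host" when only the domain matches. A different path on the same host is
    still worth a look: the report lists only the paths this sample was
    configured with, not every path the C2 server answers on.
    """
    hosts, host_paths = c2_indicators(urls)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable line; skip rather than guess
        parts = urlsplit(m.group("url"))
        host = (parts.hostname or "").lower()
        if (host, parts.path) in host_paths:
            hits.append((m.group("client"), m.group("url"), "exact"))
        elif host in hosts:
            hits.append((m.group("client"), m.group("url"), "host"))
    return hits


# Constructed sample log lines; not taken from the report.
SAMPLE_LOG = [
    "2024-11-07T10:12:01Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-07T10:12:03Z 10.0.0.15 POST http://tat-neftbank.ru/wcmd.htm 200",
    "2024-11-07T10:12:09Z 10.0.0.22 GET http://tat-neftbank.ru/other.php 404",
    "2024-11-07T10:13:00Z 10.0.0.31 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for client, url, level in scan_proxy_log(SAMPLE_LOG):
        print(f"{level:5} {client} {url}")
```

Run it against a real proxy export by replacing SAMPLE_LOG with the file's lines (adjusting LOG_LINE to the export's column order), and call check_file() on any binary recovered from a host that shows an "exact" hit. Only sha256 or sha512 agreement should be treated as confirmation that the recovered file is this sample.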

Targets

    • Target

      b07ff20e4964ef3877e5b7cabaee79684337a93e49f6bab02538877c69539a9aN

    • Size

      91KB

    • MD5

      262e90c365d06dd67621558fff115fe0

    • SHA1

      a58a1bf66c42ab71604be16cfc992bab32054f1d

    • SHA256

      b07ff20e4964ef3877e5b7cabaee79684337a93e49f6bab02538877c69539a9a

    • SHA512

      db928350a7d456ccb7a37da6b4cd4c18114972a8d53ee997b78cfda37e1d8e51f5aae7d7081752948a3e2740788be085832129c26607a59de2ca3dba97738f43

    • SSDEEP

      1536:hM8U/BDX8koQfBu3LGxORxXk21ObQwkBqlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaJ:hpUSo2olBlLBsLnVUUHyNwtN4/nEBlMS

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks