General

  • Target

    774b86dc913c878eb0bc37cbe153d4626a3424895991d0d671d54a875ad6e2f2N

  • Size

    52KB

  • Sample

    241107-hqn3daxglb

  • MD5

    3f63cc6138b43ccb5246e42857a9b5f0

  • SHA1

    5096058b7cecb774d58a6715710ad010b830a430

  • SHA256

    774b86dc913c878eb0bc37cbe153d4626a3424895991d0d671d54a875ad6e2f2

  • SHA512

    1cc60793f6eb2b6ec31ee73048458d5e4e1de8ebf6f05706d5654d2aa063602fd0adc812453d55247a986dc60897f07e9e0d22943872b412137d3959e968a6b0

  • SSDEEP

    1536:XNwl6pbno2QVaHWXaP2J5VCDnEnnyyyvsCkGGMAdKZ:XNwl6pbno7VaHWGnEnnyyyiGGMRZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      774b86dc913c878eb0bc37cbe153d4626a3424895991d0d671d54a875ad6e2f2N

    • Size

      52KB

    • MD5

      3f63cc6138b43ccb5246e42857a9b5f0

    • SHA1

      5096058b7cecb774d58a6715710ad010b830a430

    • SHA256

      774b86dc913c878eb0bc37cbe153d4626a3424895991d0d671d54a875ad6e2f2

    • SHA512

      1cc60793f6eb2b6ec31ee73048458d5e4e1de8ebf6f05706d5654d2aa063602fd0adc812453d55247a986dc60897f07e9e0d22943872b412137d3959e968a6b0

    • SSDEEP

      1536:XNwl6pbno2QVaHWXaP2J5VCDnEnnyyyvsCkGGMAdKZ:XNwl6pbno7VaHWGnEnnyyyiGGMRZ

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
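The indicators above (two C2 URLs from the extracted config, plus the sample's hashes) are the part of this report a responder will actually reuse. The following is an added example, not code from the report or from the Triage platform: it turns those indicators into a proxy-log scan and a file-hash check. The log lines are constructed for the example in Squid's native access-log layout (timestamp, elapsed ms, client, status, bytes, method, URL, ...); the client addresses, timestamps and the fourth, non-config path `other.html` are invented to show the difference between an exact URL hit and a host-only hit.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the extracted Berbew config above.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# File hashes from the report's General section.
SAMPLE_HASHES = {
    "md5": "3f63cc6138b43ccb5246e42857a9b5f0",
    "sha1": "5096058b7cecb774d58a6715710ad010b830a430",
    "sha256": "774b86dc913c878eb0bc37cbe153d4626a3424895991d0d671d54a875ad6e2f2",
}

# Constructed Squid-style access log lines (not from the report).
SAMPLE_PROXY_LOG = """\
1730980001.123    120 10.0.0.15 TCP_MISS/200 512 GET http://tat-neftbank.ru/wcmd.htm - HIER_DIRECT/203.0.113.5 text/html
1730980002.456     80 10.0.0.22 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1730980003.789    200 10.0.0.15 TCP_MISS/200 64 POST http://tat-neftbank.ru/kkq.php - HIER_DIRECT/203.0.113.5 text/plain
1730980004.000     50 10.0.0.31 TCP_MISS/404 300 GET http://tat-neftbank.ru/other.html - HIER_DIRECT/203.0.113.5 text/html
"""

# timestamp, elapsed, client, code/status, bytes, method, url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def c2_indicators(urls):
    """Split the config URLs into a host set and an exact (host, path) set."""
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        host = (p.hostname or "").lower()
        hosts.add(host)
        paths.add((host, p.path))
    return hosts, paths


def scan_proxy_log(text, urls=C2_URLS):
    """Return (client, url, level) for each line that reaches the C2 host.

    level is 'url' for an exact match on a config URL and 'host' when only
    the C2 host matches (lower confidence: could be a sinkhole or a path
    this config did not list)."""
    hosts, paths = c2_indicators(urls)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected layout
        p = urlparse(m.group("url"))
        host = (p.hostname or "").lower()
        if host not in hosts:
            continue
        level = "url" if (host, p.path) in paths else "host"
        hits.append((m.group("client"), m.group("url"), level))
    return hits


def hash_bytes(data):
    """md5/sha1/sha256 of an in-memory blob, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path, chunk_size=1 << 16):
    """Same digests for a file on disk, computed in one streaming pass."""
    hs = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hs.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def matches_sample(digests, known=SAMPLE_HASHES):
    """Names of the algorithms whose digest equals the reported sample hash."""
    return sorted(name for name, value in known.items() if digests.get(name) == value)


if __name__ == "__main__":
    for client, url, level in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url} [{level} match]")
```

Matching on the full URL gives the high-confidence hits (`kkq.php`, `wcmd.htm`); the host-only match is still worth surfacing because a second-stage path may not appear in this one extracted config, but it should be triaged separately since the domain could have been sinkholed or re-registered since the sample was analysed. The hash check is exact-match only; the SSDEEP value above is for similarity hunting with a separate fuzzy-hash tool and is deliberately not reimplemented here.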

MITRE ATT&CK Enterprise v15

Tasks