General

  • Target

    8341c349b5cd552e0ee23ff495e6268b99c4c4a1ea689b2057565cbca9314d08N

  • Size

    256KB

  • Sample

    241107-hsrahsxgmg

  • MD5

    841cd4b20bf3c8c59f5065f679826fd0

  • SHA1

    9d8312dab43e5fac367ce624f376a9aee55c8d6e

  • SHA256

    8341c349b5cd552e0ee23ff495e6268b99c4c4a1ea689b2057565cbca9314d08

  • SHA512

    bd0d7b8c92145644dac7a3ffde534a1b7a534749290f687f535a95300110691ebbb94c09148e49dbdb9456cce0a5651ccc7d672cda76f10a1ab51d86e174f565

  • SSDEEP

    6144:oisocqsEtk853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:2QBpnchWcZj

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
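
Added example, not part of the sandbox report and not Berbew's own code: a small Python triage helper that turns the identifiers above into checks an analyst can run. It verifies that a local file is byte-for-byte the sample the report describes (all four listed digests, not only SHA256) and flags proxy-log requests to the extracted C2 host. The hash values and C2 URLs are copied from the report; the proxy log format and the log lines are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Triage helper built from the identifiers in the Berbew report.

Added example; the hashes and C2 URLs are copied from the report, the
proxy log format and the log lines below are constructed for the demo.
"""
import hashlib
import re
from urllib.parse import urlparse

# Hashes listed in the report's General section (hex, lowercase).
REPORTED_HASHES = {
    "md5": "841cd4b20bf3c8c59f5065f679826fd0",
    "sha1": "9d8312dab43e5fac367ce624f376a9aee55c8d6e",
    "sha256": "8341c349b5cd552e0ee23ff495e6268b99c4c4a1ea689b2057565cbca9314d08",
    "sha512": "bd0d7b8c92145644dac7a3ffde534a1b7a534749290f687f535a95300110691e"
              "bbb94c09148e49dbdb9456cce0a5651ccc7d672cda76f10a1ab51d86e174f565",
}

# C2 URLs from the extracted Berbew config.
C2_URLS = (
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
)
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
C2_PATHS = {urlparse(u).path for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so a local copy can be
    compared field by field rather than on SHA256 alone."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def verify_sample(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Compare a file's digests against the reported ones.

    Returns one boolean per algorithm plus an 'all' key. Any mismatch
    means these are not the bytes the sandbox analysed (different build,
    repacked variant, truncated download), so the extracted C2 config
    should not be assumed to apply to the file in hand."""
    actual = hash_bytes(data)
    result = {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}
    result["all"] = all(result.values())
    return result


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines) -> list:
    """Flag requests to the Berbew C2 host.

    Matching is on the parsed hostname, not the literal URL string, so a
    case difference, an explicit port or a query string still hits.
    'known_path' records whether the path is one the config lists; a hit
    on the same host with an unknown path is still worth a look."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        u = urlparse(m["url"])
        host = (u.hostname or "").lower()
        if host in C2_HOSTS:
            hits.append({
                "ts": m["ts"],
                "src": m["src"],
                "method": m["method"],
                "host": host,
                "path": u.path,
                "known_path": u.path in C2_PATHS,
            })
    return hits


# Constructed log lines for the demo; only the C2 host is from the report.
SAMPLE_PROXY_LOG = [
    "2024-11-07T10:15:01Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-07T10:15:02Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-11-07T10:15:09Z 10.0.0.15 POST http://TAT-NEFTBANK.RU:8080/wcmd.htm 200",
    "2024-11-07T10:16:30Z 10.0.0.22 GET http://tat-neftbank.ru/other.php?id=1 404",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    # Without the real sample on disk, a stand-in buffer fails every check.
    print(verify_sample(b"not the real sample"))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

To check a real download, read the file in binary mode and pass the bytes to verify_sample; the SSDEEP value from the report is not covered here because fuzzy hashing needs a third-party library, and an SSDEEP match is only a similarity signal, not an identity check.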

Targets

    • Target

      8341c349b5cd552e0ee23ff495e6268b99c4c4a1ea689b2057565cbca9314d08N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks