General

  • Target: b2d499b9928d230b30b3bb19e52466701e26e6dcfb84c2524547e1d7c185b1a9N
  • Size: 52KB
  • Sample: 241107-ht9s9azqfr
  • MD5: 7804bc3fce957438d62517a968112300
  • SHA1: 559f42dfb20c3e30e4a7392c216a3fd5e9697325
  • SHA256: b2d499b9928d230b30b3bb19e52466701e26e6dcfb84c2524547e1d7c185b1a9
  • SHA512: 6da5c84a034422986390d2d1b774ba787133c434701deadcd32712805fbb5e650b689e97a30008fb9744ec1513d0a8ed3df0bf551aa8c931a542717c0f0d8de9
  • SSDEEP: 768:P/77DCTo6yK21avSmNO6Udv+WyrRQ8SZ4TZ+qJ8Mk/Xk/1H5F/sCZPMABvKWe:Pj7DCToVMKmI6UUWN6rphMAdKZ

Malware Config

Extracted

Family: berbew

C2:
  http://tat-neftbank.ru/kkq.php
  http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: b2d499b9928d230b30b3bb19e52466701e26e6dcfb84c2524547e1d7c185b1a9N
    • Size: 52KB
    • MD5: 7804bc3fce957438d62517a968112300
    • SHA1: 559f42dfb20c3e30e4a7392c216a3fd5e9697325
    • SHA256: b2d499b9928d230b30b3bb19e52466701e26e6dcfb84c2524547e1d7c185b1a9
    • SHA512: 6da5c84a034422986390d2d1b774ba787133c434701deadcd32712805fbb5e650b689e97a30008fb9744ec1513d0a8ed3df0bf551aa8c931a542717c0f0d8de9
    • SSDEEP: 768:P/77DCTo6yK21avSmNO6Udv+WyrRQ8SZ4TZ+qJ8Mk/Xk/1H5F/sCZPMABvKWe:Pj7DCToVMKmI6UUWN6rphMAdKZ

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
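The hashes and C2 URLs above are the only indicators a responder can act on directly from this report. The following Python script is an added example, not part of the sandbox report or of the Berbew sample itself: it embeds the report's four file hashes and two C2 URLs, hashes a candidate file with the same algorithms to confirm an exact match, and scans proxy log lines for requests to the C2 URLs or to the C2 host on any other path. The proxy log format (`<timestamp> <client_ip> <method> <url> <status>`) and the log lines themselves are constructed for the example and are not taken from the report; SSDEEP fuzzy matching is deliberately left out because it needs the external ssdeep library and a similarity threshold the report does not give.

```python
"""Match file and proxy-log artefacts against the IOCs listed in this report."""
import hashlib
import re
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

# File hashes and C2 URLs copied from the report above.
IOC_HASHES: Dict[str, str] = {
    "md5": "7804bc3fce957438d62517a968112300",
    "sha1": "559f42dfb20c3e30e4a7392c216a3fd5e9697325",
    "sha256": "b2d499b9928d230b30b3bb19e52466701e26e6dcfb84c2524547e1d7c185b1a9",
    "sha512": "6da5c84a034422986390d2d1b774ba787133c434701deadcd32712805fbb5e650b689e97a30008fb9744ec1513d0a8ed3df0bf551aa8c931a542717c0f0d8de9",
}
C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
# Host-level indicator derived from the URLs: any other path on the C2 host is still suspicious.
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest `data` with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_sample(data: bytes) -> List[str]:
    """Names of the algorithms whose digest of `data` equals the report value.

    All four digests belong to the same file, so the result is normally either
    empty or all four names; a partial list means an IOC entry was mistyped.
    """
    digests = hash_bytes(data)
    return sorted(algo for algo, value in digests.items() if value == IOC_HASHES[algo])


# Hypothetical proxy-log line format used only for this example:
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Flag requests whose URL or host matches the Berbew C2 indicators."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, client, _method, url, _status = m.groups()
        host = (urlsplit(url).hostname or "").lower()
        if url in C2_URLS:
            reason = "c2_url"    # exact URL from the extracted config
        elif host in C2_HOSTS:
            reason = "c2_host"   # same host, different path: review manually
        else:
            continue
        hits.append({"timestamp": ts, "client": client, "url": url, "reason": reason})
    return hits


# Constructed sample log lines for the example (not from the report).
SAMPLE_LOG = [
    "2024-11-07T10:12:01Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-07T10:12:02Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-11-07T10:12:05Z 10.0.0.22 POST http://tat-neftbank.ru/wcmd.htm 404",
    "2024-11-07T10:12:09Z 10.0.0.22 GET http://tat-neftbank.ru/other.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print("hash match:", matches_sample(b"not the sample"))
```

To use it against a real file, pass the file's bytes to `matches_sample`; a `c2_host` hit with a 404 or non-listed path is still worth examining, since the report only captures the two paths observed during this detonation.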

MITRE ATT&CK Enterprise v15

Tasks