General

  • Target

    b4171f72c0cdadbdb3a44dab8671260614937ca0ac75174392254df42c30dcbaN

  • Size

    55KB

  • Sample

    241107-hzmkxazrel

  • MD5

    6a2292164099ef6314c0f9ac57f340d0

  • SHA1

    730ba8c6a42279cebd2e1d0006257852c5ee2287

  • SHA256

    b4171f72c0cdadbdb3a44dab8671260614937ca0ac75174392254df42c30dcba

  • SHA512

    cfd0d267ef48b1a8510d425dceb8da15d7dbf22501bef8bb1767b88dc19ed04b0bab17335bac181d135897b207663caaa697b595635f506e3ba8548f19f22eb5

  • SSDEEP

    1536:jPcA5zqMZcD/LglKv1NGeP6r66666666666666N666666VT666666HDwqPe7NSom:jPXq6cLMDPe7NXNW0A8hh

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
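A small Python IOC checker for the indicators listed on this page, added here as an example (it is not part of the sandbox report and not the sample's own code). It recomputes the four digests the report lists for a file and compares them, and it scans proxy log lines for requests to the two C2 URLs. Host-only hits are reported separately from exact host-plus-path hits, because a path such as /kkq.php on an unrelated domain is not an indicator on its own. The proxy log format (`<timestamp> <client_ip> <method> <url> <status>`) and the log lines themselves are constructed for the example; the SSDEEP value is not used because comparing fuzzy hashes needs a library outside the standard library.

```python
"""IOC checks for the Berbew report above (added example, not the report's code)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "6a2292164099ef6314c0f9ac57f340d0",
    "sha1": "730ba8c6a42279cebd2e1d0006257852c5ee2287",
    "sha256": "b4171f72c0cdadbdb3a44dab8671260614937ca0ac75174392254df42c30dcba",
    "sha512": "cfd0d267ef48b1a8510d425dceb8da15d7dbf22501bef8bb1767b88dc19ed04b"
              "0bab17335bac181d135897b207663caaa697b595635f506e3ba8548f19f22eb5",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True if every digest of `data` equals the report's value.

    SHA-256 alone would identify the sample; comparing all four also catches
    a copy/paste error in a locally maintained IOC list.
    """
    return hash_bytes(data) == REPORT_HASHES


def _c2_indicators():
    """Split the report's C2 URLs into the host set and the path set."""
    hosts, paths = set(), set()
    for url in C2_URLS:
        parts = urlsplit(url)
        hosts.add(parts.hostname.lower())
        paths.add(parts.path)
    return hosts, paths


C2_HOSTS, C2_PATHS = _c2_indicators()


def classify_request(url: str) -> str:
    """Verdict for one requested URL.

    'c2'   : C2 host (or a subdomain of it) with one of the report's paths
    'host' : C2 host with any other path (worth a look, lower confidence)
    'none' : anything else, including a C2 path on an unrelated host
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    on_c2_host = host in C2_HOSTS or any(host.endswith("." + h) for h in C2_HOSTS)
    if not on_c2_host:
        return "none"
    return "c2" if parts.path in C2_PATHS else "host"


def scan_proxy_log(lines):
    """Return (client_ip, url, verdict) for every line touching the C2 domain.

    Assumed (constructed) log format: '<timestamp> <client_ip> <method> <url> <status>'.
    Malformed lines are skipped rather than raising.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify_request(url)
        if verdict != "none":
            hits.append((client, url, verdict))
    return hits


# Constructed proxy log lines for the example; not from any real environment.
SAMPLE_LOG = [
    "2024-11-07T10:00:01Z 10.0.0.12 GET http://example.com/ 200",
    "2024-11-07T10:00:05Z 10.0.0.12 GET http://tat-neftbank.ru/wcmd.htm 200",
    "2024-11-07T10:00:09Z 10.0.0.31 POST http://tat-neftbank.ru/kkq.php 200",
    "2024-11-07T10:01:00Z 10.0.0.44 GET http://cdn.tat-neftbank.ru/logo.png 404",
    "2024-11-07T10:02:00Z 10.0.0.12 GET http://example.org/kkq.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:5} {client:12} {url}")
    # A real file check would read the suspect binary and call matches_report(data).
    print("constructed bytes match report:", matches_report(b"not the sample"))
```

To use the file check on a real artefact, read the suspect binary in binary mode and pass the bytes to `matches_report`; for log triage, feed the scanner the raw lines of a proxy or DNS export in the assumed format, or adjust the field positions in `scan_proxy_log` to the export you actually have.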

Targets

    • Target

      b4171f72c0cdadbdb3a44dab8671260614937ca0ac75174392254df42c30dcbaN


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15