General

  • Target

    1a1fd5cda6366764852632e9f15787c2f8bee9de6d2d196c7240677f05cc8166N

  • Size

    67KB

  • Sample

    241107-j951ns1pfr

  • MD5

    df8cb8b5ef7e59f1da00cd79676a5b30

  • SHA1

    cd04517da4db31dcfd350cb20c970d4d759b91f2

  • SHA256

    1a1fd5cda6366764852632e9f15787c2f8bee9de6d2d196c7240677f05cc8166

  • SHA512

    396e9f0b8ddf78a1e6b3325ebda96304ec5e4849724e95899a26eccef890732603679caaa4edadb826d8cbcec49fce5d34eb66ff745944312ae3536cbcdd2718

  • SSDEEP

    1536:2IaAU137F9lYmOjZHcIrYGCXDZfNqsJifTduD4oTxwB:L9UBrlYLclGCzZlqsJibdMTxwB

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1a1fd5cda6366764852632e9f15787c2f8bee9de6d2d196c7240677f05cc8166N

    • Size

      67KB

    • MD5

      df8cb8b5ef7e59f1da00cd79676a5b30

    • SHA1

      cd04517da4db31dcfd350cb20c970d4d759b91f2

    • SHA256

      1a1fd5cda6366764852632e9f15787c2f8bee9de6d2d196c7240677f05cc8166

    • SHA512

      396e9f0b8ddf78a1e6b3325ebda96304ec5e4849724e95899a26eccef890732603679caaa4edadb826d8cbcec49fce5d34eb66ff745944312ae3536cbcdd2718

    • SSDEEP

      1536:2IaAU137F9lYmOjZHcIrYGCXDZfNqsJifTduD4oTxwB:L9UBrlYLclGCzZlqsJibdMTxwB

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks