General

  • Target

    fcdce7016a8260ebfaac5775a07b65fad44dadaaa030021b769ce09b93634167N

  • Size

    45KB

  • Sample

    241107-j9q7hsyeqc

  • MD5

    724ee1813e18c3b7ca1deaf59a490ef0

  • SHA1

    e8db847e9321c5cd1ef1bec75f8a1553fbc4644f

  • SHA256

    fcdce7016a8260ebfaac5775a07b65fad44dadaaa030021b769ce09b93634167

  • SHA512

    fa79fb4cf148fd582595ccc83a47e10aeb13414259d36a1edaa9030a540e4ad31fbe7181ad53adf1ed24d1c4569c77c8d395163c0805c6fb2c1e3446ca446d01

  • SSDEEP

    768:Z/aJbhacifxZ/oKC0FsbesLyrfyTuF/Lwlq3Olok+0kuPdiGD/1H5zR:ZQh5iT+Ssbe4gyTuGgORXdxVR

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      fcdce7016a8260ebfaac5775a07b65fad44dadaaa030021b769ce09b93634167N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks