General

  • Target: b9903df1665306efe7d17233f80a64c9584d4afd6b7c43efe51f2d0a560b8eb4N
  • Size: 49KB
  • Sample: 241107-jabyjsxmbw
  • MD5: 477ce7ebe21763067e483c2d1e97ebb0
  • SHA1: 5670761992c208b024fc43c4350e9e652e920ecb
  • SHA256: b9903df1665306efe7d17233f80a64c9584d4afd6b7c43efe51f2d0a560b8eb4
  • SHA512: e2428ed81f56c642d537ef5d8cd17e762b329ceea1d5ae0967f36ee493cf228e098ed4e928f43e5c2d135e808e3364d9e69d2511e2e03b86a44337da6fcc00b6
  • SSDEEP: 768:ETfDyPBuHswCnidSESPluy6CYgUBHX8N4ubzV2799999956v9f3W5L9G0nY/1H5m:EfyPBqsPrPM93fk8IdW5L9RneO

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: b9903df1665306efe7d17233f80a64c9584d4afd6b7c43efe51f2d0a560b8eb4N


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks