General

  • Target

    0462ddbd089eec588045afaa24baee7d5be979c5f47efe0558e498c3779178d3N

  • Size

    64KB

  • Sample

    241107-jmz6xaybqe

  • MD5

    90198a946cdfcd1203f166ab92d12fc0

  • SHA1

    196f93ae1a63de740209f706ea31ca8e36bbcf11

  • SHA256

    0462ddbd089eec588045afaa24baee7d5be979c5f47efe0558e498c3779178d3

  • SHA512

    729d5a836152f3b8dc25c631b62998cf9ab0d2fe967a52ea6c9ab3da36a15f8b020549979ea2ecd0bb4eee40453a1d30ac1785801315da50625334d6402fd598

  • SSDEEP

    1536:hXHnBLGWyu/60ZnoSPTE7EaBz88+XUwXfzwv:hXHnYRoBTJ57Pzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0462ddbd089eec588045afaa24baee7d5be979c5f47efe0558e498c3779178d3N

    • Size

      64KB

    • MD5

      90198a946cdfcd1203f166ab92d12fc0

    • SHA1

      196f93ae1a63de740209f706ea31ca8e36bbcf11

    • SHA256

      0462ddbd089eec588045afaa24baee7d5be979c5f47efe0558e498c3779178d3

    • SHA512

      729d5a836152f3b8dc25c631b62998cf9ab0d2fe967a52ea6c9ab3da36a15f8b020549979ea2ecd0bb4eee40453a1d30ac1785801315da50625334d6402fd598

    • SSDEEP

      1536:hXHnBLGWyu/60ZnoSPTE7EaBz88+XUwXfzwv:hXHnYRoBTJ57Pzwv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks