General

  • Target

    451ea88ae3d60c2f636d5a40a63a8df8b1d8a4e7e73f27df26098019984f757fN

  • Size

    345KB

  • Sample

    241107-kbml4s1qbj

  • MD5

    f51fe392629669f06e40af374b709c90

  • SHA1

    9033820ff57a52b374a7033a8e24e90e9128150f

  • SHA256

    451ea88ae3d60c2f636d5a40a63a8df8b1d8a4e7e73f27df26098019984f757f

  • SHA512

    d3191356e708d7a687248d517564c88d57f0a66f77596f9c8c9c0ea14c714cb633bf9e87d0e230ee5330f79968c5567f3c9e1c1bccb4d2c74ed8a6cf81abf648

  • SSDEEP

    6144:dgxjvsCMaB4muz14QaYgTt+scaHACw6Ykw/a8dWBtp27DpomqcPMwNFN6aeK9kc:mxrZ1uznghoaHACwBkka8eGp7dPRr6af

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
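As an added example (not part of this report or of the sandbox that produced it), the script below turns the indicators above into an offline check. It hashes a file image and compares it with the report's digests, and it classifies URLs from a proxy log by host and path, so that a request to the C2 host with a different path, different casing, a trailing dot or an explicit port is still flagged rather than missed by a plain string match. The hashes and URLs are the report's; the proxy log lines and their column layout are constructed for the example.

```python
"""Offline IOC check for the Berbew sample described in this report.

Added example, not sandbox code.  Hash and URL indicators are copied from
the report; SAMPLE_PROXY_LOG and its '<ts> <client> <method> <url> <status>'
layout are constructed for the example.
"""
import hashlib
from urllib.parse import urlsplit

# IOCs copied from the report above.
SAMPLE_HASHES = {
    "md5": "f51fe392629669f06e40af374b709c90",
    "sha1": "9033820ff57a52b374a7033a8e24e90e9128150f",
    "sha256": "451ea88ae3d60c2f636d5a40a63a8df8b1d8a4e7e73f27df26098019984f757f",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Derived lookups: bare C2 host(s) and exact (host, path) pairs.
_C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}
_C2_PATHS = {(urlsplit(u).hostname.lower(), urlsplit(u).path) for u in C2_URLS}


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory file image."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same as hash_file_bytes, but streams a file from disk in 1 MiB chunks."""
    hashers = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> bool:
    """True if any digest of `data` equals the report's digest for that algorithm.

    A SHA-256 match is conclusive; an MD5-only match is still reported so the
    analyst can look, since MD5 collisions are cheap to construct.
    """
    digests = hash_file_bytes(data)
    return any(digests[alg] == iocs[alg].lower() for alg in iocs)


def classify_url(url: str) -> str:
    """Return 'c2_url' for an exact C2 path, 'c2_host' for any other request
    to the C2 host, and 'clean' otherwise.  Host comparison ignores case,
    port and a trailing dot; schemeless URLs are accepted."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if (host, parts.path) in _C2_PATHS:
        return "c2_url"
    if host in _C2_HOSTS:
        return "c2_host"
    return "clean"


# Constructed proxy log for the example (not captured traffic).
SAMPLE_PROXY_LOG = """\
2024-11-07T10:01:12Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200
2024-11-07T10:01:13Z 10.0.0.15 GET http://TAT-NEFTBANK.RU:80/wcmd.htm 200
2024-11-07T10:01:20Z 10.0.0.22 GET http://example.com/index.html 200
2024-11-07T10:02:05Z 10.0.0.15 POST http://tat-neftbank.ru/other.php 404
"""


def scan_proxy_log(text: str) -> list:
    """Return (client, url, verdict) for every non-clean line.

    Assumed layout: '<timestamp> <client> <method> <url> <status>'.
    """
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        verdict = classify_url(fields[3])
        if verdict != "clean":
            hits.append((fields[1], fields[3], verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:8} {client:12} {url}")
```

The host-level verdict matters in practice: the two paths in the config are only the endpoints observed in this run, and a later sample or a server-side change can serve the same operator from another path on the same host.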

Targets

    • Target

      451ea88ae3d60c2f636d5a40a63a8df8b1d8a4e7e73f27df26098019984f757fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
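The four behaviour signatures above are short labels for rules a sandbox evaluates over the sample's process, file, image-load and registry events. As an added example (not the sandbox's own rule code), the script below replays those rules over a constructed Sysmon-style event stream: a file written under System32, a dropped executable later started, a dropped DLL later loaded, and a registry value written under one of the locations Explorer.exe reads at logon. The events are written by hand for the example, and the list of Explorer-loaded autorun locations is an assumed set of well-known keys, not something the report states.

```python
"""Replay of the report's behavioural signatures over a constructed event stream.

Added example, not sandbox code.  Event records imitate Sysmon-style
FileCreate / ProcessCreate / ImageLoad / RegistryValueSet entries and were
written by hand for this example.  EXPLORER_AUTORUN_KEYS is an assumed list
of well-known locations read by Explorer.exe at logon, not taken from the
report, which names no key.
"""
from dataclasses import dataclass


@dataclass
class Event:
    ts: int       # ordering key
    kind: str     # FileCreate | ProcessCreate | ImageLoad | RegistryValueSet
    pid: int      # process performing the action
    image: str    # image path of that process
    target: str   # file created, image launched, DLL loaded, or registry value path


SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC = "Executes dropped EXE"
SIG_LOAD = "Loads dropped DLL"
SIG_SYSTEM32 = "Drops file in System32 directory"

SYSTEM32_PREFIX = "c:\\windows\\system32\\"

# Assumed, well-known Explorer-loaded autorun locations (hive prefix stripped).
EXPLORER_AUTORUN_KEYS = (
    "software\\microsoft\\windows nt\\currentversion\\winlogon\\shell",
    "software\\microsoft\\windows\\currentversion\\run",
    "software\\microsoft\\windows\\currentversion\\policies\\explorer\\run",
    "software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload",
)


def _norm_path(p: str) -> str:
    return p.replace("/", "\\").lower()


def _strip_hive(key: str) -> str:
    key = _norm_path(key)
    for hive in ("hkey_local_machine\\", "hkey_current_user\\", "hklm\\", "hkcu\\"):
        if key.startswith(hive):
            return key[len(hive):]
    return key


def evaluate(events: list) -> dict:
    """Return {signature: [evidence, ...]} for every signature that fired.

    Assumes every event comes from the sandboxed process tree, so any file
    creation is a 'drop'.  'Dropped' files are tracked by normalised path and
    only count when the execute/load happens after the creation.
    """
    dropped = set()
    hits = {SIG_AUTORUN: [], SIG_EXEC: [], SIG_LOAD: [], SIG_SYSTEM32: []}
    for e in sorted(events, key=lambda ev: ev.ts):
        t = _norm_path(e.target)
        if e.kind == "FileCreate":
            dropped.add(t)
            if t.startswith(SYSTEM32_PREFIX):
                hits[SIG_SYSTEM32].append(t)
        elif e.kind == "ProcessCreate":
            if t in dropped and t.endswith(".exe"):
                hits[SIG_EXEC].append(t)
        elif e.kind == "ImageLoad":
            if t in dropped and t.endswith(".dll"):
                hits[SIG_LOAD].append(t)
        elif e.kind == "RegistryValueSet":
            key = _strip_hive(e.target)
            if any(key.startswith(k) for k in EXPLORER_AUTORUN_KEYS):
                hits[SIG_AUTORUN].append(e.target)
    return {name: ev for name, ev in hits.items() if ev}


# Constructed event stream (file and value names are placeholders).
_SAMPLE = r"C:\Users\user\sample.exe"
_DROP_EXE = r"C:\Windows\System32\dropped.exe"
_DROP_DLL = r"C:\Windows\System32\dropped.dll"
SAMPLE_EVENTS = [
    Event(1, "FileCreate", 100, _SAMPLE, _DROP_EXE),
    Event(2, "FileCreate", 100, _SAMPLE, _DROP_DLL),
    Event(3, "RegistryValueSet", 100, _SAMPLE,
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ExampleValue"),
    Event(4, "ProcessCreate", 101, _DROP_EXE, _DROP_EXE),
    Event(5, "ImageLoad", 101, _DROP_EXE, _DROP_DLL),
    Event(6, "ProcessCreate", 102, r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for sig, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{sig}: {evidence}")
```

Ordering is the part worth keeping: cmd.exe in the constructed stream does not count as a dropped executable because no tracked process created it, and the same dropped DLL would not count if the ImageLoad preceded the FileCreate.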
