General

  • Target: dac985fa4a4501ca8fdfbce1511a1f3cd0f522c14e645c8018cc53cc37634e33N
  • Size: 45KB
  • Sample: 241107-knqvasygqb
  • MD5: 95a43ec4e630787afaa4c2d0f23a8310
  • SHA1: a35ccd461a504e2332251de3bbc52fe7f13438cb
  • SHA256: dac985fa4a4501ca8fdfbce1511a1f3cd0f522c14e645c8018cc53cc37634e33
  • SHA512: cd31d32a935b46f73e0038670c490bda5990cbad5f26a6f8f52de10ec8cece68a21403969575ac2ec9879d8e3810e29406aa13b9d7845215bb250db5dfc1f4dc
  • SSDEEP: 768:Rta+Nl54s+oNvR3EnUlFlCwE6zV+ul9w9vhNuPs/1H5+Y:za+2oN5cF6zH9QvK6/

Malware Config

Extracted

Family: berbew

C2:
  http://tat-neftbank.ru/kkq.php
  http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: dac985fa4a4501ca8fdfbce1511a1f3cd0f522c14e645c8018cc53cc37634e33N
    • Size: 45KB
    • MD5: 95a43ec4e630787afaa4c2d0f23a8310
    • SHA1: a35ccd461a504e2332251de3bbc52fe7f13438cb
    • SHA256: dac985fa4a4501ca8fdfbce1511a1f3cd0f522c14e645c8018cc53cc37634e33
    • SHA512: cd31d32a935b46f73e0038670c490bda5990cbad5f26a6f8f52de10ec8cece68a21403969575ac2ec9879d8e3810e29406aa13b9d7845215bb250db5dfc1f4dc
    • SSDEEP: 768:Rta+Nl54s+oNvR3EnUlFlCwE6zV+ul9w9vhNuPs/1H5+Y:za+2oN5cF6zH9QvK6/

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks