General

  • Target

    233b728cf4da754b6b1f0fd67a4fc0710a8e3d8483e09e427949ddea2fdc397eN

  • Size

    226KB

  • Sample

    241107-knsznaylax

  • MD5

    e974bae10757b41b30e7eee76eb42100

  • SHA1

    1a35f5b1d11ca4e32edd42d278dfd0b1e9480e02

  • SHA256

    233b728cf4da754b6b1f0fd67a4fc0710a8e3d8483e09e427949ddea2fdc397e

  • SHA512

    9f5d0c652170a2bf3362f25346041e5303f489a74bd023a4506a2b7b113d75134b65cfd3ae14df8d49b6cf399c6f07264ec28b30ff0df8b02f84b8a18e86f27e

  • SSDEEP

    3072:Or51KlCSB3pMXYwDKcWmjRvDKcpDKcWmjRrzNtQtjDKcWmjRrzNtb:Z3pMXYJxEtQtsEtb

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks