General

  • Target

    1abbb4fbcc697870ad3602d2d6e2a5c5e02838d4b4ad12a3f8928dd59719e2a2N

  • Size

    64KB

  • Sample

    241109-f67hjsyelj

  • MD5

    8aa5bdd3b16c4e9735f46567a3c19c80

  • SHA1

    146fd38446bf6045f23e9b611b5316e99095bbd3

  • SHA256

    1abbb4fbcc697870ad3602d2d6e2a5c5e02838d4b4ad12a3f8928dd59719e2a2

  • SHA512

    f724e23feaf3918639fe4f80950cf591ebb5d088df906ead9acc4c1044ba7fffe89f434dfef7eeb6c70c2ad9bff92200018042fb63a1caa94eba75bdca6a1a68

  • SSDEEP

    1536:6TPlaMK112XE7u42T/JzmKuQpXUwXfzwv:McMK12zl/JznNPzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1abbb4fbcc697870ad3602d2d6e2a5c5e02838d4b4ad12a3f8928dd59719e2a2N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks