General

  • Target

    f98776e16846bb73102333e9dfef8585278604b42ae818d442279c2992116edb

  • Size

    512KB

  • Sample

    241109-f84jnsxrav

  • MD5

    709446748a89349b8662c9034b2ac1b6

  • SHA1

    021dce4e86009a4e733e724194f1b5253e47691b

  • SHA256

    f98776e16846bb73102333e9dfef8585278604b42ae818d442279c2992116edb

  • SHA512

    5120a69c46c56b9735c5ae07051836c565934e642ec7a3ae16de6837393c5bc5a30fc7949a21b089f8e1925bd6a841c7d470a6da1423e3c75eafb9d32114c5db

  • SSDEEP

    6144:VA7nFQav853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:a2uQBpnchWcZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
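The hashes and C2 URLs above are the report's actionable indicators. The script below is an added example (not part of the sandbox report or of any Berbew tooling) showing how a responder would consume them: it hashes a candidate file with the same four algorithms the report lists, and it scans proxy log lines for the C2 with host normalization, so that a mixed-case host or an explicit `:80` port still matches, a subdomain of the C2 domain is flagged as a host match, and a look-alike such as `nottat-neftbank.ru` or the same path on an unrelated host is not. The log lines and the candidate bytes are constructed for the example; the log format (timestamp, client, method, URL, status) is an assumption.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "709446748a89349b8662c9034b2ac1b6",
    "sha1": "021dce4e86009a4e733e724194f1b5253e47691b",
    "sha256": "f98776e16846bb73102333e9dfef8585278604b42ae818d442279c2992116edb",
    "sha512": "5120a69c46c56b9735c5ae07051836c565934e642ec7a3ae16de6837393c5bc5a"
              "30fc7949a21b089f8e1925bd6a841c7d470a6da1423e3c75eafb9d32114c5db",
}
REPORT_C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def hash_bytes(data: bytes) -> dict:
    """Digest a file's bytes with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matching_report_hashes(data: bytes) -> list:
    """Names of the report hashes that this file's digests match (empty if none)."""
    digests = hash_bytes(data)
    return [alg for alg, expected in REPORT_HASHES.items() if digests[alg] == expected]


def normalize_url(url: str) -> tuple:
    """Return (canonical scheme://host[:port]/path, lowercase host).

    Lowercases the host, drops a default port, defaults an empty path to '/'
    and ignores the query string, so equal requests compare equal.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if (scheme, port) in (("http", 80), ("https", 443)):
        port = None
    netloc = host if port is None else f"{host}:{port}"
    return f"{scheme}://{netloc}{parts.path or '/'}", host


C2_URLS = {normalize_url(u)[0] for u in REPORT_C2_URLS}
C2_DOMAINS = {normalize_url(u)[1] for u in REPORT_C2_URLS}


def host_in_domains(host: str, domains: set) -> bool:
    """True for the domain itself or any subdomain; a look-alike prefix does not match."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_request(url: str):
    """'url-match' for an exact C2 URL, 'host-match' for the C2 domain, else None."""
    canonical, host = normalize_url(url)
    if canonical in C2_URLS:
        return "url-match"
    if host_in_domains(host, C2_DOMAINS):
        return "host-match"
    return None


def scan_proxy_log(lines) -> list:
    """Flag proxy log lines (assumed format: ts client method url status)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; a real pipeline would count these
        ts, client, _method, url, _status = fields[:5]
        verdict = classify_request(url)
        if verdict:
            hits.append({"ts": ts, "client": client, "url": url, "verdict": verdict})
    return hits


# Constructed sample log for the example; not from the sandbox run.
SAMPLE_PROXY_LOG = [
    "1731120001 10.0.0.15 GET  http://tat-neftbank.ru/kkq.php 200",
    "1731120002 10.0.0.15 POST http://TAT-NEFTBANK.RU:80/wcmd.htm 200",
    "1731120003 10.0.0.22 GET  http://www.tat-neftbank.ru/index.html 404",
    "1731120004 10.0.0.23 GET  http://nottat-neftbank.ru/kkq.php 200",
    "1731120005 10.0.0.24 GET  http://example.com/kkq.php 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print("constructed blob matches report:", matching_report_hashes(b"not the sample"))
```

Run on the constructed log this flags the first two lines as exact C2 URL hits and the third as a host hit on a subdomain, and leaves the look-alike domain and the unrelated host alone. The SSDEEP value in the report is not covered here because fuzzy-hash comparison needs the ssdeep library rather than `hashlib`.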

Targets

    • Target

      f98776e16846bb73102333e9dfef8585278604b42ae818d442279c2992116edb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
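The three behaviours above (an autorun key loaded by Explorer.exe, a dropped DLL, a file written to System32) together describe a DLL planted in System32 and registered so that the shell loads it at logon. One registry location that Explorer.exe loads at startup is `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad`, whose values name CLSIDs whose `InprocServer32` points at the DLL; the report does not say which key this sample uses, so treating ShellServiceObjectDelayLoad as the place to check is an assumption of this example. The script below is an added example (not the sandbox's detection logic) that parses a `.reg` export of those keys, resolves each CLSID to its DLL, and reports entries backed by a DLL outside a known-good baseline. The registry export, the CLSIDs, the DLL name and the baseline are all constructed; build the baseline from a clean image of the same Windows build before relying on it.

```python
import re
from typing import Dict, Optional, Tuple

# Key whose CLSIDs Explorer.exe loads at startup (assumed target of the check).
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"

# ASSUMED baseline of DLLs that back SSODL entries on a clean host;
# derive the real set from a known-good image, not from this example.
BASELINE_DLLS = {"webcheck.dll", "shell32.dll", "stobject.dll"}

# Constructed .reg export for the example; CLSIDs and the planted DLL name are invented.
CONSTRUCTED_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"Web Event Logger"="{0A7F1C2D-3B4E-4F50-8A9B-0C1D2E3F4A5B}"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]
@="C:\\Windows\\System32\\webcheck.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32]
@="C:\\Windows\\System32\\stobject.dll"
"Flags"=dword:00000000

[HKEY_CLASSES_ROOT\CLSID\{0A7F1C2D-3B4E-4F50-8A9B-0C1D2E3F4A5B}\InprocServer32]
@="C:\\Windows\\System32\\Dfbzexx.dll"
"ThreadingModel"="Apartment"
"""

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg (REGEDIT5) export into {key_path: {value_name: data}}.

    The default value is stored under the empty name. String data is unquoted
    and unescaped; other types (dword:, hex:) are kept verbatim.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue  # continuation lines of hex: data are not needed here
        name = "" if m.group(1) == "@" else m.group(2)
        data = m.group(3)
        if data.startswith('"') and data.endswith('"'):
            data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        keys[current][name] = data
    return keys


def resolve_ssodl(keys: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map each SSODL value name to (CLSID, InprocServer32 DLL path or None)."""
    resolved = {}
    for name, clsid in keys.get(SSODL_KEY, {}).items():
        inproc = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32", {})
        resolved[name] = (clsid, inproc.get(""))
    return resolved


def suspicious_ssodl_entries(keys: Dict[str, Dict[str, str]], baseline=BASELINE_DLLS) -> list:
    """Entries whose DLL is missing from the export or not in the baseline."""
    findings = []
    for name, (clsid, dll) in resolve_ssodl(keys).items():
        if dll is None:
            findings.append((name, clsid, dll, "CLSID has no InprocServer32 in export"))
            continue
        basename = dll.rsplit("\\", 1)[-1].lower()
        if basename not in baseline:
            findings.append((name, clsid, dll, "DLL not in baseline"))
    return findings


if __name__ == "__main__":
    for finding in suspicious_ssodl_entries(parse_reg_export(CONSTRUCTED_REG_EXPORT)):
        print(finding)
```

On a live host, export the two keys with `reg export` and feed the file in; a baseline match only says the DLL name is expected, so pair this with a signature or hash check on the file itself, since the report's "Drops file in System32 directory" behaviour means the planted DLL sits beside legitimate ones.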

MITRE ATT&CK Enterprise v15