General

  • Target

    ffc7dfd2353bff8ca6a007c57d8a50cdb957ded64cc3ffeab908c6bb46752523N

  • Size

    63KB

  • Sample

    241109-g134lszaqf

  • MD5

    5f42e732aa7e1f45a46f6beaeb891570

  • SHA1

    dbbb0584655f2df73fb8af570e8a2757666da0d2

  • SHA256

    ffc7dfd2353bff8ca6a007c57d8a50cdb957ded64cc3ffeab908c6bb46752523

  • SHA512

    d2116a3426a9baa7948566904cf390b60128c1fa769acfbe1d72766ab509baf975c65668787f4421de1ad816a5dc02041ed7edecf10e4caa354707e8a50181ef

  • SSDEEP

    768:4okGpobXYETisJgQrjRZW5txXB1f655/t3MSneDdv7/1H5oVEYmrUTvn93b7NRDk:1khXYHsJx93Miadvt+V0En9rjDHE

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ffc7dfd2353bff8ca6a007c57d8a50cdb957ded64cc3ffeab908c6bb46752523N

      (63KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
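The following Python is an added example, not part of this sandbox report and not code from the Berbew family or the sandbox vendor. It turns the indicators on this page (the four file digests and the two C2 URLs) into offline checks a responder can run: digest comparison for a suspect file, URL classification over proxy log lines, and a scan of a `.reg` export for entries under registry locations that Explorer.exe loads at startup. The report only states that an Explorer-loaded autorun key is added and does not name it, so the `EXPLORER_ASEPS` list is a general set of commonly abused Explorer-loaded locations chosen here, not a claim about which key this sample writes. The proxy log lines, the `.reg` text, the CLSID and the IP addresses are constructed for illustration.

```python
# Added example for this report: offline IOC checks built from the digests and
# C2 URLs listed on the page. Registry locations, log lines and the .reg export
# below are constructed assumptions, not data from the report.
import hashlib
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

# Digests and C2 URLs copied verbatim from the report.
IOC_HASHES: Dict[str, str] = {
    "md5": "5f42e732aa7e1f45a46f6beaeb891570",
    "sha1": "dbbb0584655f2df73fb8af570e8a2757666da0d2",
    "sha256": "ffc7dfd2353bff8ca6a007c57d8a50cdb957ded64cc3ffeab908c6bb46752523",
    "sha512": "d2116a3426a9baa7948566904cf390b60128c1fa769acfbe1d72766ab509baf9"
              "75c65668787f4421de1ad816a5dc02041ed7edecf10e4caa354707e8a50181ef",
}
IOC_C2_URLS = ["http://tat-neftbank.ru/kkq.php", "http://tat-neftbank.ru/wcmd.htm"]
C2_HOST = "tat-neftbank.ru"
C2_PATHS: Set[str] = {urlsplit(u).path for u in IOC_C2_URLS}

# Explorer-loaded autorun locations (assumption: general ASEP list, not the
# specific key this sample writes, which the report does not name).
EXPLORER_ASEPS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjectDelayLoad",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists for the given file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of data equals the corresponding digest in the report."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in IOC_HASHES.items())


def classify_url(url: str) -> str:
    """'exact' for a listed C2 URL, 'host' for another path on the C2 host,
    'none' otherwise. Host comparison is case-insensitive; path is exact."""
    parts = urlsplit(url.strip())
    if (parts.hostname or "").lower() != C2_HOST:
        return "none"
    return "exact" if parts.path in C2_PATHS else "host"


URL_RE = re.compile(r"https?://[^\s\"']+")


def scan_proxy_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, level, url) for every URL touching the C2 host."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            level = classify_url(url)
            if level != "none":
                hits.append((n, level, url))
    return hits


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')


def explorer_autoruns(reg_text: str) -> List[Tuple[str, str, str]]:
    """Parse a .reg export and return (key, value_name, data) for values that
    sit under one of the Explorer-loaded autorun locations above."""
    hits, current, watched = [], "", False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            path = current.split("\\", 1)[1] if "\\" in current else ""
            watched = any(path.lower().startswith(p.lower()) for p in EXPLORER_ASEPS)
            continue
        val_match = VALUE_RE.match(line)
        if val_match and watched:
            hits.append((current, val_match.group("name"), val_match.group("val").strip('"')))
    return hits


# Constructed squid-style proxy lines (documentation IP ranges, not real hosts).
SAMPLE_PROXY_LOG = [
    "1731139200.123 10.0.0.7 TCP_MISS/200 512 GET http://tat-neftbank.ru/wcmd.htm - HIER_DIRECT/203.0.113.10 text/html",
    "1731139201.456 10.0.0.7 TCP_MISS/200 318 GET http://example.com/index.html - HIER_DIRECT/198.51.100.5 text/html",
    "1731139202.789 10.0.0.7 TCP_MISS/404 0 POST http://tat-neftbank.ru/other.php - HIER_DIRECT/203.0.113.10 text/html",
]

# Constructed .reg export; the CLSID is a placeholder, not an indicator.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjectDelayLoad]
"ExampleEntry"="{DEADBEEF-0000-0000-0000-000000000000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unrelated"="C:\\Program Files\\Vendor\\agent.exe"
"""

if __name__ == "__main__":
    print("constructed bytes match report digests:", matches_sample(b"not the sample"))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("proxy hit:", hit)
    for hit in explorer_autoruns(SAMPLE_REG):
        print("explorer autorun:", hit)
```

To use this on a real case, read the suspect file's bytes into `matches_sample`, feed your proxy or DNS log lines to `scan_proxy_log`, and export the relevant hives with `reg export` before running `explorer_autoruns`; on 64-bit hosts also export the `Wow6432Node` copies of these keys, since a 32-bit dropper writes there. A `host` level hit is weaker evidence than `exact` but still worth pivoting on, because the same host served both C2 paths.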
