General

  • Target: cdc171552f742ebba6a48bfd0c0f882ee788619c8325b726c344890f5b4cdd14N
  • Size: 181KB
  • Sample: 241109-g2qjxazard
  • MD5: 8f4be388b7f2932493db95496cd33840
  • SHA1: 78bbe1ecb93bc95f326c64e1e0fcdda644ab6f51
  • SHA256: cdc171552f742ebba6a48bfd0c0f882ee788619c8325b726c344890f5b4cdd14
  • SHA512: 0476246ef33b77891e842ac9ecb8958030a3f7bb7c237832d485f9f25c78ccca9a473231aa5c74d7204cd523708b3535a4ac8865fb1d5fc791307efb3da303a8
  • SSDEEP: 3072:J0OIuQBTASfDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOg:yOZSt5tTDUZNSN58VU5tT

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php, http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks