General

  • Target

    ffce9b90e8eeb2e770794aff40c6fada4101f381783f9c9ca7f87291397beda6N

  • Size

    250KB

  • Sample

    241109-g6ecfasldp

  • MD5

    d5112ce663766c0dd660c65af1e62d40

  • SHA1

    52330965f11303089e143eea689e2323f3fb7372

  • SHA256

    ffce9b90e8eeb2e770794aff40c6fada4101f381783f9c9ca7f87291397beda6

  • SHA512

    1e760f97977f40da23e90b5e00729aa75fbb72f3330a184b411edd0d8bd5c7f413264876123bd3bfa8397f031b0c287cbd92e44f5a63ba429387e1b916961a87

  • SSDEEP

    6144:pOUWvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:pO0

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
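The extracted config and the file hashes above are the actionable part of this report. The script below is an added example (not part of the sandbox report or of any vendor tooling) that turns them into a simple hunt: it hashes a file's bytes against the report's MD5/SHA1/SHA256 and scans proxy-log lines for the two C2 URLs, also flagging any other request to the C2 host. The log format, the sample log lines and the file bytes are constructed for illustration and are not real captures.

```python
"""IOC matcher for the Berbew report above (added example, not from the report).

Indicators are copied from the report; the proxy-log format, the log lines and
the file bytes below are constructed for illustration.
"""
import hashlib
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators taken verbatim from the report
REPORT_HASHES = {
    "md5": "d5112ce663766c0dd660c65af1e62d40",
    "sha1": "52330965f11303089e143eea689e2323f3fb7372",
    "sha256": "ffce9b90e8eeb2e770794aff40c6fada4101f381783f9c9ca7f87291397beda6",
}
REPORT_C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
# Any contact with the C2 host is worth a look, whatever the path
REPORT_C2_HOSTS = {urlsplit(u).hostname for u in REPORT_C2_URLS}


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True if the bytes match any hash listed in the report."""
    digests = hash_file_bytes(data)
    return any(digests[k] == v for k, v in REPORT_HASHES.items())


# Constructed (hypothetical) proxy-log layout: "<ts> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify_log_line(line: str) -> Optional[str]:
    """Return 'c2_url' for an exact C2 URL, 'c2_host' for any other request to the
    C2 host, or None for lines that do not parse or do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    host = (parts.hostname or "").lower()
    # Scheme and host are case-insensitive; the path is compared as-is
    normalised = f"{parts.scheme.lower()}://{host}{parts.path}"
    if normalised in REPORT_C2_URLS:
        return "c2_url"
    if host in REPORT_C2_HOSTS:
        return "c2_host"
    return None


def scan_proxy_log(lines) -> List[Tuple[str, str, str]]:
    """Return (client_ip, url, verdict) for every line that touches the C2."""
    hits = []
    for line in lines:
        verdict = classify_log_line(line)
        if verdict:
            m = LOG_RE.match(line.strip())
            hits.append((m.group("client"), m.group("url"), verdict))
    return hits


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    "2024-11-09T10:01:12Z 10.0.0.15 GET http://example.com/index.html 200",
    "2024-11-09T10:01:40Z 10.0.0.15 POST http://tat-neftbank.ru/kkq.php 200",
    "2024-11-09T10:02:03Z 10.0.0.22 GET HTTP://TAT-NEFTBANK.RU/wcmd.htm 404",
    "2024-11-09T10:02:30Z 10.0.0.22 GET http://tat-neftbank.ru/other.php 200",
    "malformed line",
]

if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:8} {client:12} {url}")
    # A constructed byte string will not match the report's hashes
    print("sample match:", matches_report_sample(b"not the real sample"))
```

Matching on the host as well as the exact URLs is deliberate: the two paths in the config are what this sample used, but a beacon to a different path on the same host is still the same infrastructure. Hash matching only catches this exact file; for variants, pivot on the C2 host and the behaviours listed under Targets.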

Targets

    • Target

      ffce9b90e8eeb2e770794aff40c6fada4101f381783f9c9ca7f87291397beda6N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks