General

  • Target: cd915a554e98812b64b270a33a8a93326c229e7bada724f0e4c177c529294bcdN
  • Size: 250KB
  • Sample: 241109-g6g4bszbnq
  • MD5: bb575d3be2d8f39b21a4b418a0ac0b10
  • SHA1: 74bf2d31b9ef20658a2f816741068127bef734a9
  • SHA256: cd915a554e98812b64b270a33a8a93326c229e7bada724f0e4c177c529294bcd
  • SHA512: 0f552d28fd37ac06f56f86b686bc562369b9a0ba1b83edcf85659f9ae2e8f405883610531217c47b1e7d1d6b79604b43f584679a195fa86bee40a8e11e0227d0
  • SSDEEP: 6144:DFHvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:8

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: cd915a554e98812b64b270a33a8a93326c229e7bada724f0e4c177c529294bcdN
    • Size: 250KB
    • MD5: bb575d3be2d8f39b21a4b418a0ac0b10
    • SHA1: 74bf2d31b9ef20658a2f816741068127bef734a9
    • SHA256: cd915a554e98812b64b270a33a8a93326c229e7bada724f0e4c177c529294bcd
    • SHA512: 0f552d28fd37ac06f56f86b686bc562369b9a0ba1b83edcf85659f9ae2e8f405883610531217c47b1e7d1d6b79604b43f584679a195fa86bee40a8e11e0227d0
    • SSDEEP: 6144:DFHvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:8

    Detections:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks