General

  • Target: 2a466e60e8eacdb4413036b5fbab14b4b57590f9848d0591e92a71e57a95567dN
  • Size: 55KB
  • Sample: 241109-g7g5qaslfm
  • MD5: d048f24917d78c430a19a1b46db00720
  • SHA1: b27d306c5aacc470b6c2ce31f7c994acdca9a798
  • SHA256: 2a466e60e8eacdb4413036b5fbab14b4b57590f9848d0591e92a71e57a95567d
  • SHA512: c987dde0466ce9967e75619d96469a61a60dcb143025a31e79db25b43c7cfce4c0d6701df3bd817c055a346b586a97cc7977430a45ac1c17b6d92fba0abbc8aa
  • SSDEEP: 1536:WmrRfsxLJLEaDOa1joEs3KCPZzyzD3sZu+tv0NSoNSd0A3shxD6:WmrRopOa18Es3KCPZzyzD3sv0NXNW0AC

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks