General

  • Target: ee2529d325d399f810d6be8890cc3b989ae5dc8ddc4e7af756d53058797a074fN
  • Size: 92KB
  • Sample: 241109-ham55szcll
  • MD5: 20c20f7ede75ad9e5810b5727b809ab0
  • SHA1: 86657da7a5fa3880ddda5ad44390872483f6f43a
  • SHA256: ee2529d325d399f810d6be8890cc3b989ae5dc8ddc4e7af756d53058797a074f
  • SHA512: b62becf6b37738265848747906f527a8ca28ed207440ec074769239fcdeec25979ed587cf1f152b5b060afd1394ffd819e1a378e3a2c884e20e69010b6246e97
  • SSDEEP: 1536:1p3TkFpP9wUsIxNdBD2zPoiNySSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSf2Szvas:1pD6zds4DDwPoiNS3/O7usluTXp6UX

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
