General

  • Target: 0bc1b3879fb0551c09fbfeb17ce6f44e871ac274e02b25ea42c0f2285889a3b4N
  • Size: 448KB
  • Sample: 241109-hbd9mazclh
  • MD5: 8660cbcda451493dd9f45d192bedf800
  • SHA1: a0849680df61c7560a4b2c315e990a36c4e84a5f
  • SHA256: 0bc1b3879fb0551c09fbfeb17ce6f44e871ac274e02b25ea42c0f2285889a3b4
  • SHA512: 6d7203abb0f486360cc4a7daa74b60b787b816e346dd39722964b9fe06a1dc5d80d708d0956d531ec1a638b3ecd440fa1f4681f1a3789be0eb4b90a1a54b41b4
  • SSDEEP: 12288:PIYf5turkWhbi5thyDf5turkWhbi5taX5X:gVkEUyD0kEPF

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks