General

  • Target: 306b02d2ae020a1840dd1f9142ba01afa08be80248419a3bc5b5c46f2cef282bN
  • Size: 45KB
  • Sample: 241109-j25pya1crn
  • MD5: a4681417d937284d1ed26feabb0449b0
  • SHA1: dc9bc8964d0f7aff75bc4086e4efe57d51ab91b0
  • SHA256: 306b02d2ae020a1840dd1f9142ba01afa08be80248419a3bc5b5c46f2cef282b
  • SHA512: 3218c18d8fb1382ac218662a18e78b1e2080d2aabd2004e111ae9ee90e25bc4a9602d51889e620134d9c7d69622dfcc41e022a3730ef36a4dc9d66e02df4cf8e
  • SSDEEP: 768:2SaYGmbLuVcr9bzDaCQnGyMG5mkmcN+1Wqoah8jzMBv4Wwi9PPPPPQnih/1H5N:2SaY1uWRbzDaCQ553mcN+A77WwiSaD

Malware Config

Extracted

Family: berbew

C2:
  • http://tat-neftbank.ru/kkq.php
  • http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 306b02d2ae020a1840dd1f9142ba01afa08be80248419a3bc5b5c46f2cef282bN
    • Size: 45KB
    • MD5: a4681417d937284d1ed26feabb0449b0
    • SHA1: dc9bc8964d0f7aff75bc4086e4efe57d51ab91b0
    • SHA256: 306b02d2ae020a1840dd1f9142ba01afa08be80248419a3bc5b5c46f2cef282b
    • SHA512: 3218c18d8fb1382ac218662a18e78b1e2080d2aabd2004e111ae9ee90e25bc4a9602d51889e620134d9c7d69622dfcc41e022a3730ef36a4dc9d66e02df4cf8e
    • SSDEEP: 768:2SaYGmbLuVcr9bzDaCQnGyMG5mkmcN+1Wqoah8jzMBv4Wwi9PPPPPQnih/1H5N:2SaY1uWRbzDaCQ553mcN+A77WwiSaD

    Signatures:
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks