General

  • Target

    fdea3ca3810841dce79a96da4ad96817e24bb8bc0defaa460aab2980a1c77ed0N

  • Size

    91KB

  • Sample

    241109-kdlgtszqbv

  • MD5

    f8e7e36d19cb67bf792c533f8fb168a0

  • SHA1

    898fc5dfcfb6c7b08e756f94aefc1c6e088a1243

  • SHA256

    fdea3ca3810841dce79a96da4ad96817e24bb8bc0defaa460aab2980a1c77ed0

  • SHA512

    3895b610c0f860fc6aaa0a1be29e35765c3fc98ee3723f79ca5a69a5a8c58fc717f6b94c9b3271ccfb20665030df8adf1e1abbfbb7be07a2e292e2f721b527fa

  • SSDEEP

    1536:LXuSsZ5JYh9yUgLg5JIS7JIRJ1lLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXdQ:zuJYh9F5NcHlLBsLnVUUHyNwtN4/nEB9

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks