General

  • Target: febd7e2cee5fed800c56c03fd21333e6c2cf0e1b958bde0348b0010f9a82ee98N
  • Size: 224KB
  • Sample: 241109-kjh9natqbk
  • MD5: d3a85382bfff52a0dd071d117a881100
  • SHA1: db43b724bfc195280c4575cc50d260bbb5ad65b3
  • SHA256: febd7e2cee5fed800c56c03fd21333e6c2cf0e1b958bde0348b0010f9a82ee98
  • SHA512: 3219661348ae895e9e764db707be2cfdaf0ee197074bea4d3f3c411e85c7c5a72e9e004974fca5dc4623769276fc3fe44180be15d33ba3475dbfe24511c16afa
  • SSDEEP: 3072:Wli0OeMDUndaJZpnIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOa:Wi0OeDsJZp94s5tTDUZNSN58VU5tTtf

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: febd7e2cee5fed800c56c03fd21333e6c2cf0e1b958bde0348b0010f9a82ee98N
    • Size: 224KB
    • MD5: d3a85382bfff52a0dd071d117a881100
    • SHA1: db43b724bfc195280c4575cc50d260bbb5ad65b3
    • SHA256: febd7e2cee5fed800c56c03fd21333e6c2cf0e1b958bde0348b0010f9a82ee98
    • SHA512: 3219661348ae895e9e764db707be2cfdaf0ee197074bea4d3f3c411e85c7c5a72e9e004974fca5dc4623769276fc3fe44180be15d33ba3475dbfe24511c16afa
    • SSDEEP: 3072:Wli0OeMDUndaJZpnIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOa:Wi0OeDsJZp94s5tTDUZNSN58VU5tTtf
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15