General

  • Target

    50f6abe08474d88073246818001c38be3acd0dcf9cd3b7882281edef5cc89265N

  • Size

    45KB

  • Sample

    241109-knc87s1fqe

  • MD5

    7bd67d5c09bce85680b5e4b8ab60f5e0

  • SHA1

    203d0c698fdc2f6bc0380e304801b870049a572e

  • SHA256

    50f6abe08474d88073246818001c38be3acd0dcf9cd3b7882281edef5cc89265

  • SHA512

    2ed55fa2847040d5d2935459a836a3c83277a638f2bfbdcfa0a1a91d299c22d23449a672b34667f47c04eec87b69cc9d407e547938f2a6b3b906a19cb5a88f07

  • SSDEEP

    768:4Nup6kO7ejHsSypC8+kGk9J1gN2om6rfw9N/7fNzAPw04X+2/1H5h9:4Ne6kOCjHsSyskbs2opDw9nzvicT9

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      50f6abe08474d88073246818001c38be3acd0dcf9cd3b7882281edef5cc89265N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks