General

  • Target: 7ee49a7dc63ef9559be7e46f53bc165495fab7865d8d79675daccff52d308da0N
  • Size: 52KB
  • Sample: 241109-l59jeavpeq
  • MD5: 79570b32030f3a014f563ca958abd670
  • SHA1: b363ad2c7c953eda7ea080a90d5917a7a66a5704
  • SHA256: 7ee49a7dc63ef9559be7e46f53bc165495fab7865d8d79675daccff52d308da0
  • SHA512: 8b1179e4229639546e99a630d18a7a2f225456ae27efed4434dc5298e19f2df5c9a6c0b2085cd4cc2689a9e8f0ff5c86ab725967429ad9466f2f9ca01670154a
  • SSDEEP: 768:Hr/mlVuq0NTaioEjvX9jYDjlCijniMdD7xE7z/1H5F/syMABvKWe:Hr/ww1GHevX8lCijNngjMAdKZ

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
