General

  • Target: ef2f84ac3fc3234fc84595e8bf98ed95138ad5d26645cdf7ab3160280616c59dN
  • Size: 67KB
  • Sample: 241109-lc5dzssbkp
  • MD5: 70a9abde3cc69e5aaafdf709d801ef80
  • SHA1: cccca59bf7d0c54492154be2e9003f0fa810eca8
  • SHA256: ef2f84ac3fc3234fc84595e8bf98ed95138ad5d26645cdf7ab3160280616c59d
  • SHA512: 3e776ec16c59c98f54bc5938e47b3561f3753d60f01292552d5622be884795c9278b7501efa814a37bc956d2158a6f1f7bda0df49d7d6e2d3bfc6bc5d39a86f3
  • SSDEEP: 1536:0yVlOSrq2iFch76w9fY7sJifTduD4oTxwf:0yVlOiz2cswC7sJibdMTxwf

Malware Config

Extracted

Family: berbew

C2:
  http://tat-neftbank.ru/kkq.php
  http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: ef2f84ac3fc3234fc84595e8bf98ed95138ad5d26645cdf7ab3160280616c59dN


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
