General

  • Target: 05c74856c41216d9e8de14ee98d482256293bc7dd657a0ad4293c43e836c418dN

  • Size: 96KB

  • Sample: 241109-lf1vza1me1

  • MD5: 7a827749e4bb9b8a1e0bcea843dfa510

  • SHA1: eb40d43d824266cfe6f956d387936647025f58d0

  • SHA256: 05c74856c41216d9e8de14ee98d482256293bc7dd657a0ad4293c43e836c418d

  • SHA512: c3c2c0e75f61fa251add50d411044e3acd19c837f99233c44efdb17adbff507699ddba9eda6b7c24085208ceb0b467293c662f31c46a869a1721621bf2f3f9da

  • SSDEEP: 1536:V9RhPpywklPl30ShbJ6XSsI9x1BHVrLbwnYYYYYYYYYYYYYYAYYYYYYZjYYYYYYn:9hE/Pd0ShVT8+x+K4d69jc0v

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
