General

  • Target: 6adb249b839f57c8a58588d2ba1b368263de5ca8b22b07dcb751e599bf1f1547N

  • Size: 113KB

  • Sample: 241109-mhzlcsvrdk

  • MD5: aaa32179629a683b744f302e33bfded0

  • SHA1: 117913747e39935faf4fe0ce8d0f997271099cff

  • SHA256: 6adb249b839f57c8a58588d2ba1b368263de5ca8b22b07dcb751e599bf1f1547

  • SHA512: 62e8c46214e5376a15a42d5b8a94e76043c040b4ec783aef1a0fc82b263e83690f0813309289d9dfa6d867d5e8e0c44ee96d22f466b6a855186a589c746a9da4

  • SSDEEP: 1536:C7KMPQZzVEuCrOO617DWkZFfScD7SzCbHWrAW8wTWiliX:+JQZO7KOuGkZFfFSebHWrH8wTW0

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15