General

  • Target

    76a0328d071cc145db2410bbfdf6a9f52554ad9a460b2d71841a0b1b01877c5bN

  • Size

    52KB

  • Sample

    241109-namghawmbn

  • MD5

    e8fc6386722c96c6c129e697a52e2430

  • SHA1

    33c7c51a2fc1ea4f3a7e0ca30af1e83bfe903d21

  • SHA256

    76a0328d071cc145db2410bbfdf6a9f52554ad9a460b2d71841a0b1b01877c5b

  • SHA512

    42a23c4da7288f83b7587536147c6e7eee635af2d9e78d42c6ebee9ad37fced25f08f43caad84a37be6bcea8a217e1a83b2bf8bfa12f5716c8146bb12c693935

  • SSDEEP

    768:BKxXjdpzxd6/Ae7X8zuCFd0PT5zwsnkgpRKBmK/1H5F/sIMABvKWe:BKRpzfRYX8C2mPlfkyPQ5MAdKZ

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15