General

  • Target

    39d76614175dc8667e6459d28e4ffa03a6038aa8bb820406ec984b159438e5b8N

  • Size

    182KB

  • Sample

    241109-nhnpjatdkd

  • MD5

    af3da146091cb0b1af53088b0f63d5d0

  • SHA1

    84937d4ddb67737fbec9bc8c374875b5227f2696

  • SHA256

    39d76614175dc8667e6459d28e4ffa03a6038aa8bb820406ec984b159438e5b8

  • SHA512

    51af7ababd8248ba48e9d70554128c035b957bdee6e1f1d9ec4772a37441689e0aa58109450ab38ded8f8bac832f598ff136f8d82445e2c6485f990d28005b8d

  • SSDEEP

    3072:c2Iix1aIO4/zG3yCcyFBmfiLIP/1zVZrDHnyFBmfiL:f1aIqjCq2NzzrDHyCq

Malware Config

  • Extracted

    Family

      berbew

    C2

      http://tat-neftbank.ru/kkq.php

      http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      39d76614175dc8667e6459d28e4ffa03a6038aa8bb820406ec984b159438e5b8N

    • Size

      182KB

    • MD5

      af3da146091cb0b1af53088b0f63d5d0

    • SHA1

      84937d4ddb67737fbec9bc8c374875b5227f2696

    • SHA256

      39d76614175dc8667e6459d28e4ffa03a6038aa8bb820406ec984b159438e5b8

    • SHA512

      51af7ababd8248ba48e9d70554128c035b957bdee6e1f1d9ec4772a37441689e0aa58109450ab38ded8f8bac832f598ff136f8d82445e2c6485f990d28005b8d

    • SSDEEP

      3072:c2Iix1aIO4/zG3yCcyFBmfiLIP/1zVZrDHnyFBmfiL:f1aIqjCq2NzzrDHyCq

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks