General

  • Target

    4006b53804cfec5d7f526b34e9ae09b70cd0501c4949a4d5f86687faca9fbadaN

  • Size

    72KB

  • Sample

    241109-nw2tbawqdp

  • MD5

    fa23eea70e7fa6d086710ee332976cd0

  • SHA1

    454fcd0ece403eb88bb18eed19c12d65208e16d1

  • SHA256

    4006b53804cfec5d7f526b34e9ae09b70cd0501c4949a4d5f86687faca9fbada

  • SHA512

    af354ff17e1f000479bf175ba765d7c9673aedb00309dcb45c50a7df568c4d7f6bce2fd54938cf512b06c4086248887e10cfc114e99a11a702fc95ceb5a5986b

  • SSDEEP

    1536:9XQZQEJZOvknhZyUjhEjFpOiTJj//nPgUN3QivEtA:dQbnnhZVVEOYr/nPgU5QJA

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks