General

  • Target

    27729b95c6594b0beb1e2054aaac740946b677bab3c4d5bfe7c8fe07626d96feN

  • Size

    63KB

  • Sample

    241109-p4yx3avcrn

  • MD5

    fb46d0998f1339ab4719b64d4421ba30

  • SHA1

    10b1594ba7588c2825d3a541aeb642bcfef248a9

  • SHA256

    27729b95c6594b0beb1e2054aaac740946b677bab3c4d5bfe7c8fe07626d96fe

  • SHA512

    46b4c3eb34eb14f640970bac227112cf06c26b6e6c2c7ef786b401ab0c9e6a2d5a2abb52c4fe0140da9affd9b60f0d348233292e80858a695e0c3fea56f78021

  • SSDEEP

    768:vRQ2ThcwN6ovLl7DLAhmTa9w/aPld68wSD/1H5oVEzY/mrUTvn93b7NRDMFME3e6:pK+6Q74hvIaPldh1+V8En9rjDHE

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      27729b95c6594b0beb1e2054aaac740946b677bab3c4d5bfe7c8fe07626d96feN

    • Size

      63KB

    • MD5

      fb46d0998f1339ab4719b64d4421ba30

    • SHA1

      10b1594ba7588c2825d3a541aeb642bcfef248a9

    • SHA256

      27729b95c6594b0beb1e2054aaac740946b677bab3c4d5bfe7c8fe07626d96fe

    • SHA512

      46b4c3eb34eb14f640970bac227112cf06c26b6e6c2c7ef786b401ab0c9e6a2d5a2abb52c4fe0140da9affd9b60f0d348233292e80858a695e0c3fea56f78021

    • SSDEEP

      768:vRQ2ThcwN6ovLl7DLAhmTa9w/aPld68wSD/1H5oVEzY/mrUTvn93b7NRDMFME3e6:pK+6Q74hvIaPldh1+V8En9rjDHE

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks