General

  • Target: 1a83dcd7dedd905edd4481cf1d12a80eb6d5aebdcaee0bdaf6491371b58936b6N
  • Size: 72KB
  • Sample: 241109-plpaxavakl
  • MD5: 6dd826ae9554ffe82cb395a47bda1840
  • SHA1: 4cf8ea3c41384fedd14f6c6b02a0ee572178544b
  • SHA256: 1a83dcd7dedd905edd4481cf1d12a80eb6d5aebdcaee0bdaf6491371b58936b6
  • SHA512: 6f066beb8d7d77ff3be6b74f7acc6ca9f3edec9d64799f4b6458e7267653b81a48672e34b69253b75d00436ff8a44a476745e9eedde626b8661d80e996ee2cb6
  • SSDEEP: 1536:7+Ur9Es67lAzcdFHAKLRkgE9Ku9zPgUN3QivEtA:SaQDWtzPgU5QJA

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 1a83dcd7dedd905edd4481cf1d12a80eb6d5aebdcaee0bdaf6491371b58936b6N


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks