General

  • Target

    bafe4c190c506fe630680ffe488c7aeb7d9bed097e2d0474844b91e8af8285fbN

  • Size

    128KB

  • Sample

    241109-plt66avang

  • MD5

    4e84843e29145b9cd927ee1d3c0847c0

  • SHA1

    32ac66d3b57810b5cb8e0a85da7cb52cf01358d1

  • SHA256

    bafe4c190c506fe630680ffe488c7aeb7d9bed097e2d0474844b91e8af8285fb

  • SHA512

    86b99c99da601d583beba45af4a2cea6d381852e941508cb2ea29f328572ceeabdd9f04951e4c9ce175467f7fd00a726f2713c1a83f5342f1da4742f79cc57bf

  • SSDEEP

    3072:Yb3f2WUG9EwlbTKtKG7UDd0pCrQIFdFtLQ:2P2WUGKwla4G7Ux0ocIPF9Q

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      bafe4c190c506fe630680ffe488c7aeb7d9bed097e2d0474844b91e8af8285fbN

    • Adds autorun key to be loaded by Explorer.exe on startup (persistence: Explorer reads the entry at every logon, so the backdoor survives a reboot)

    • Berbew

      Berbew is a Windows backdoor written in C++. The C2 endpoints this sample was configured with are listed under Malware Config above.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory (writing there normally requires administrative rights)
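The indicators above can be turned directly into a check. The following Python is added here as an example; it is not part of the Triage report or the sample. It recomputes all four digests of a file and compares them with the values reported, and scans proxy-style log lines (constructed for the example, not real traffic) for the two C2 URLs and the C2 host. SSDEEP comparison is left out because it needs the third-party ssdeep module.

```python
import hashlib
import re
import sys
from typing import Dict, List, Tuple

# Indicators copied from the report above: digests of the sample and its C2.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "4e84843e29145b9cd927ee1d3c0847c0",
    "sha1": "32ac66d3b57810b5cb8e0a85da7cb52cf01358d1",
    "sha256": "bafe4c190c506fe630680ffe488c7aeb7d9bed097e2d0474844b91e8af8285fb",
    "sha512": "86b99c99da601d583beba45af4a2cea6d381852e941508cb2ea29f328572ceeabdd9f04951e4c9ce175467f7fd00a726f2713c1a83f5342f1da4742f79cc57bf",
}
C2_URLS: List[str] = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
C2_HOST = "tat-neftbank.ru"

# Match the bare host only when it is a whole label (not e.g. "nottat-neftbank.ru").
HOST_RE = re.compile(r"(?i)(?<![a-z0-9.-])" + re.escape(C2_HOST) + r"(?![a-z0-9-])")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_file(path: str) -> Dict[str, str]:
    """Compute the four digests of a file on disk, streaming in 1 MiB blocks."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the names of the algorithms whose digest equals the reported value."""
    return [
        name for name, expected in SAMPLE_HASHES.items()
        if digests.get(name, "").lower() == expected
    ]


def scan_proxy_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Flag log lines that contain a C2 URL (preferred) or the C2 host.

    Returns (line index, indicator that matched) for every hit.
    """
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        lowered = line.lower()
        url = next((u for u in C2_URLS if u.lower() in lowered), None)
        if url is not None:
            hits.append((i, url))
        elif HOST_RE.search(line):
            hits.append((i, C2_HOST))
    return hits


# Constructed proxy log lines for the example (not captured traffic).
PROXY_LOG: List[str] = [
    "2024-11-09T10:11:02Z 10.0.0.12 GET http://tat-neftbank.ru/kkq.php 200 512",
    "2024-11-09T10:11:05Z 10.0.0.12 GET http://example.com/index.html 200 2048",
    "2024-11-09T10:11:09Z 10.0.0.12 POST http://tat-neftbank.ru/wcmd.htm 200 128",
    "2024-11-09T10:12:00Z 10.0.0.45 GET https://tat-neftbank.ru/ 404 0",
]


if __name__ == "__main__":
    # Usage: python berbew_ioc_check.py [file ...]; with no files, only the log scan runs.
    for path in sys.argv[1:]:
        matched = match_hashes(digest_file(path))
        print(f"{path}: {'MATCH on ' + ','.join(matched) if matched else 'no hash match'}")
    for idx, indicator in scan_proxy_log(PROXY_LOG):
        print(f"log line {idx}: {indicator}")
```

Hash matching is exact and therefore only catches this precise file; a repacked or patched Berbew build will miss on every digest, which is why the C2 URL and host checks are the more durable indicators here.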
