General

  • Target

    eb8926cbc8572d16e6d54fe988a0d885bdd1cf545126d0005c82c0f8a4152815N

  • Size

    67KB

  • Sample

    241109-qz9z7svhnj

  • MD5

    516305b19f00c0af7d6f0f80ef8388b0

  • SHA1

    0fa067386d5fc41c80ac1cca1f1ce9ac8e6759b8

  • SHA256

    eb8926cbc8572d16e6d54fe988a0d885bdd1cf545126d0005c82c0f8a4152815

  • SHA512

    a767c428bca9ed97945d2eead636575e59a1abf378336d68057c37838bb554d247f3262d804f8ec80906f824832a33ae70e67fcbc155b31b235b2ca19f11e068

  • SSDEEP

    1536:l5fa1zZT+yHtiKdxhFgBZZsJifTduD4oTxw:vyFZTDHXxPoZZsJibdMTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      eb8926cbc8572d16e6d54fe988a0d885bdd1cf545126d0005c82c0f8a4152815N

    • Size

      67KB

    • MD5

      516305b19f00c0af7d6f0f80ef8388b0

    • SHA1

      0fa067386d5fc41c80ac1cca1f1ce9ac8e6759b8

    • SHA256

      eb8926cbc8572d16e6d54fe988a0d885bdd1cf545126d0005c82c0f8a4152815

    • SHA512

      a767c428bca9ed97945d2eead636575e59a1abf378336d68057c37838bb554d247f3262d804f8ec80906f824832a33ae70e67fcbc155b31b235b2ca19f11e068

    • SSDEEP

      1536:l5fa1zZT+yHtiKdxhFgBZZsJifTduD4oTxw:vyFZTDHXxPoZZsJibdMTxw

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks