General

  • Target

    b2b8a02025e45b5eed5b7c0045aac0778a24df08937eef03b0e8ab8745be6f12N

  • Size

    69KB

  • Sample

    241109-r7h25awgmr

  • MD5

    d2e25ddbc3d8f86a56d9b55cdf23f070

  • SHA1

    5f036f721b280c744e6e6942592208e408f864bf

  • SHA256

    b2b8a02025e45b5eed5b7c0045aac0778a24df08937eef03b0e8ab8745be6f12

  • SHA512

    ff240578bc17efece51473d0b3eb6f00e1e198e28cf613421b3c6b4b69d4629dbc11c4d4733ba3aefe90d95084a9ac91aed6a57d00c0cf3d826dbfe2f6436a65

  • SSDEEP

    1536:x3LjiPD240z9SXyXltkF8AYFpPhNein/GFZCeDAyN:tePD09j0F8nF1hNFn/GFZC1yN

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
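The hashes and C2 URLs above are the report's actionable indicators. The Python below is an added triage example, not part of the sandbox report or of any tooling the report describes: it turns those indicators into two checks, a hash comparison that works even when only one digest type is available (as a SIEM export often is), and a proxy-log scan for the C2 host that distinguishes the two extracted URL paths from other requests to the same domain. The Squid native access.log layout, the client IPs and the log lines are assumptions constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hashes and C2 URLs copied from the report above.
REPORT_HASHES = {
    "md5": "d2e25ddbc3d8f86a56d9b55cdf23f070",
    "sha1": "5f036f721b280c744e6e6942592208e408f864bf",
    "sha256": "b2b8a02025e45b5eed5b7c0045aac0778a24df08937eef03b0e8ab8745be6f12",
    "sha512": "ff240578bc17efece51473d0b3eb6f00e1e198e28cf613421b3c6b4b69d4629dbc11c4d4733ba3aefe90d95084a9ac91aed6a57d00c0cf3d826dbfe2f6436a65",
}
C2_URLS = (
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
)
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
C2_PATHS = {urlparse(u).path for u in C2_URLS}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_hashes(observed: dict) -> list:
    """Return the algorithms on which `observed` agrees with the report.

    `observed` may carry any subset of md5/sha1/sha256/sha512, so a single
    agreeing digest is enough to flag a file. Comparison is case-insensitive
    because tools differ in hex casing.
    """
    return sorted(
        algo for algo, digest in observed.items()
        if algo in REPORT_HASHES and digest.lower() == REPORT_HASHES[algo]
    )


def is_known_sample(data: bytes) -> bool:
    """True if the bytes hash to the report's sample on every algorithm."""
    return match_hashes(file_hashes(data)) == sorted(REPORT_HASHES)


URL_RE = re.compile(r"https?://\S+")


def scan_proxy_log(log_text: str) -> list:
    """Flag proxy-log lines whose requested host is the report's C2 domain.

    Assumes Squid native access.log layout (timestamp, elapsed, client IP,
    code/status, bytes, method, URL, ...). Every request to the C2 host is
    reported; `exact` marks the two URL paths the config extraction named,
    so an analyst can separate confirmed beacons from other hits on the host.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        m = URL_RE.search(line)
        if len(fields) < 7 or not m:
            continue
        parsed = urlparse(m.group(0))
        host = (parsed.hostname or "").lower()
        if host not in C2_HOSTS:
            continue
        hits.append({
            "client": fields[2],
            "method": fields[5],
            "url": m.group(0),
            "exact": parsed.path in C2_PATHS,
        })
    return hits


# Constructed sample log (not from the report); 10.0.0.0/8 and 203.0.113.0/24
# are private/documentation ranges used only for illustration.
SAMPLE_PROXY_LOG = """\
1731160001.512    312 10.0.0.12 TCP_MISS/200 1043 GET http://tat-neftbank.ru/kkq.php - HIER_DIRECT/203.0.113.5 text/html
1731160002.044     87 10.0.0.12 TCP_MISS/200 2210 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.9 text/html
1731160003.901    140 10.0.0.31 TCP_MISS/404  512 GET http://tat-neftbank.ru/other.php - HIER_DIRECT/203.0.113.5 text/html
1731160004.220     60 10.0.0.31 TCP_MISS/200  900 POST http://tat-neftbank.ru/wcmd.htm - HIER_DIRECT/203.0.113.5 text/html
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

The host-level match is deliberately broader than the two extracted URLs: a Berbew variant may use other paths on the same domain, and any client talking to that host deserves a look, while `exact` tells the responder which hits correspond to the paths this sample was observed using.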
