General

  • Target

    cd6997d95327b6154dc0c2b9ac3893aec21464111bf10ebda87db4e1c30b1c58N

  • Size

    69KB

  • Sample

    241109-sa7jwsvrfv

  • MD5

    fede6e4c0c791a9b5272b7c29e162490

  • SHA1

    911dacb5cfb65ed99bf3ea4893f79ef82aac94c2

  • SHA256

    cd6997d95327b6154dc0c2b9ac3893aec21464111bf10ebda87db4e1c30b1c58

  • SHA512

    020f39f4ed5300f013d9fa06639e740a40971e92898dbca63992fa7d5881d5323cefe577306ae40ea51d0c1e37846daf7b9a950542019df409fb92ea3e235251

  • SSDEEP

    1536:7F6Jh/76FLbcDq0CCPpt+0BNein/GFZCeDAyY:x6JB320je0BNFn/GFZC1yY

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
