General

  • Target

    0f70b7bf06427cd86d3f46bf76129597d916db32029dd9d9b41b84dd144922eeN

  • Size

    69KB

  • Sample

    241109-sfvghszjfj

  • MD5

    d3cb46984ead7130715943c849af31b0

  • SHA1

    039f715f6ec211f80c63068308e3c2ab64a12c75

  • SHA256

    0f70b7bf06427cd86d3f46bf76129597d916db32029dd9d9b41b84dd144922ee

  • SHA512

    f8dc769beed4016a9bdae8dc3cdcc82888fcac044f33c543f86e3ee5defc56eea90a835dec743e1914be2f99e901c3f94cc8f4d49a7b63b799a886178c94ae81

  • SSDEEP

    1536:7VEox0YqgSknPhgBmz8GeNein/GFZCeDAyN:7VEoaYqgSyPKyeNFn/GFZC1yN

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0f70b7bf06427cd86d3f46bf76129597d916db32029dd9d9b41b84dd144922eeN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
