General

  • Target

    9a325a7cef1be4ad53454036ac3349bd007a6fc557a3b29ab9d3329be339f7c6N

  • Size

    64KB

  • Sample

    241109-telcwsxele

  • MD5

    268b130b58f73ca15843d5e25ee0d6d0

  • SHA1

    cc1a19258bb78ca5292b7a28a6419cfb5ac473a5

  • SHA256

    9a325a7cef1be4ad53454036ac3349bd007a6fc557a3b29ab9d3329be339f7c6

  • SHA512

    ea255f28e5ec74f24843765e136e9bb2f1589968ceb1834c23680eba92192d39ecaa1d20116daa40d504544ff1132ebbb8f500f878f128d265d295dae195df61

  • SSDEEP

    1536:0oNJ5Vi85oWPAf23geJ4T/gm+1WyErPFW2iwTbWv:06iG5oVeJ4T4XoFW2VTbWv

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9a325a7cef1be4ad53454036ac3349bd007a6fc557a3b29ab9d3329be339f7c6N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks