General

  • Target: 9999f658355d8a213a9012a19483ed3a762f904c6d41103d3105feffa5b06d08
  • Size: 64KB
  • Sample: 241110-a72qssymek
  • MD5: f7ffb32ac09feff8a7678bf1a669cc52
  • SHA1: 4b389d3dbc1a0c414ba3f1dde2436424d268d20d
  • SHA256: 9999f658355d8a213a9012a19483ed3a762f904c6d41103d3105feffa5b06d08
  • SHA512: bf150759d603c85307dca36df239dfe801bb924530d9954fa39c2371c6e2535eec5605cbafd5f87f9628584515d20f6a5c6c74e7a84e39e7fb9a233a06a7bdec
  • SSDEEP: 1536:dQPO1e16GGSS8L4zydWJGWyibrPFW2iwTbW:dQm1q6G/4ztJGX4FW2VTbW

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks