General

  • Target

    4d6eef302a970362c46c4a0dcbc1c1a33631c8528f2a99ee5e4302b683f45620N

  • Size

    64KB

  • Sample

    241110-a8svaawbpr

  • MD5

    5432fff48502202a48998795abaa2610

  • SHA1

    cad313062688d57a9d94396771ca109a75e74eb7

  • SHA256

    4d6eef302a970362c46c4a0dcbc1c1a33631c8528f2a99ee5e4302b683f45620

  • SHA512

    c49a48595968375c113ba2bc8f1573c038294b3c3bb0cbbe7ac1dbe43f92aebad7847e0e073ac5e76af3ac7d2cb7d5eb19c67ac2da4d4cf22b72051e025c512f

  • SSDEEP

    768:qri02mD9Bjxv0yvbArCbY5N5wEpXBKUGhKF7DTMPr42H/1H5O6XJ1IwEGp9Thfz6:Q9jTbAmbM7rxOnRXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
