General

  • Target

    94770d4be491c0649248816b53637c5ec0f690a1c76c048bc71804fb8cf80407

  • Size

    59KB

  • Sample

    241110-az4v7avmby

  • MD5

    ed133a0bf8ad3e89ace8b0c51f5da69e

  • SHA1

    5a4ec62d28142c37e3a93ff2c9556c027f3fa1aa

  • SHA256

    94770d4be491c0649248816b53637c5ec0f690a1c76c048bc71804fb8cf80407

  • SHA512

    e4cf684cab572cae781f9519a71a5f7f7f8ad71484dfd9a0aaf31e1054d16da0c38c6232077dfb41657e653628afe3afbd691867c0e7bf41f33cdaf2881957e7

  • SSDEEP

    768:VHbXmsikVVzl5rFM7tHGFl4YP/7wVLQG3gC3FLOsF2AMZ/1H5CD5nf1fZMEBFELE:VbLV/UmHTPjwVeoLv3+YtNCyVso

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      94770d4be491c0649248816b53637c5ec0f690a1c76c048bc71804fb8cf80407

    • Size

      59KB

    • MD5

      ed133a0bf8ad3e89ace8b0c51f5da69e

    • SHA1

      5a4ec62d28142c37e3a93ff2c9556c027f3fa1aa

    • SHA256

      94770d4be491c0649248816b53637c5ec0f690a1c76c048bc71804fb8cf80407

    • SHA512

      e4cf684cab572cae781f9519a71a5f7f7f8ad71484dfd9a0aaf31e1054d16da0c38c6232077dfb41657e653628afe3afbd691867c0e7bf41f33cdaf2881957e7

    • SSDEEP

      768:VHbXmsikVVzl5rFM7tHGFl4YP/7wVLQG3gC3FLOsF2AMZ/1H5CD5nf1fZMEBFELE:VbLV/UmHTPjwVeoLv3+YtNCyVso

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks