General

  • Target

    0f8bfe3edeebb846bcae42766a525141231afe706c69f11836d0d8441c413b5bN

  • Size

    96KB

  • Sample

    241110-b1vjkszkbj

  • MD5

    fd2252fe119ec80e75c86ad8325f8c20

  • SHA1

    1367f60f154fab6cfee1d6a1589d12ec96263f91

  • SHA256

    0f8bfe3edeebb846bcae42766a525141231afe706c69f11836d0d8441c413b5b

  • SHA512

    a9fcb27f137efa35ba07426204c752acd24e725209f7eb26649f92dded316b20ab8673b6e80135ab3af20eb8ca7d0a738c63e39c76edf34ecd2d5a22e0ee14ed

  • SSDEEP

    1536:wzupQ0zD+07icX4Zd4FoS/9iy8RIdmfRLbwnYYYYYYYYYYYYYYAYYYYYYZjYYYYT:+uxi0OTS/Iy2vl8+x+K4d69jc0v

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0f8bfe3edeebb846bcae42766a525141231afe706c69f11836d0d8441c413b5bN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks