General

  • Target

    add84bccc05f2aef91f30ac93a1312c7ad0b0853034f0a511a9d6bcd9403ad3b

  • Size

    48KB

  • Sample

    241110-b346sswlas

  • MD5

    582219e4202ee2c15e4a06705e9e2d6e

  • SHA1

    2a28c06d44148570ef9d3007d34fff4ac521baa0

  • SHA256

    add84bccc05f2aef91f30ac93a1312c7ad0b0853034f0a511a9d6bcd9403ad3b

  • SHA512

    576ff4d5417941207df991a07f919efecfc1bf243f6db46ded2c60ea5195a20dad1f10633ee886aeeca8474d7fda193b4f980a0ccce773e884cb58c88e41015d

  • SSDEEP

    768:jIGVOr13w2Q9uOggLBj52LhzenBj2qD9KwOqLU3Y7/1H5:jkrNFQ9uOpLZ0OjLZUw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks