General

  • Target

    ae1c84c57aa6a38fe38be99140be58a77bbaf8988b0b2865a3b1ec17d2f9f913

  • Size

    97KB

  • Sample

    241110-b42gaswlcs

  • MD5

    cfcfa54ceebdba517a5486ea24e0dce2

  • SHA1

    b4c3404f549daffff272e05f0ca64f987684e04c

  • SHA256

    ae1c84c57aa6a38fe38be99140be58a77bbaf8988b0b2865a3b1ec17d2f9f913

  • SHA512

    b3c399264e257ceea5b6a70d37543ebbd770225d7862ee9b530c781f6903f6aac520a180bef8c70e92baa8e114b9f460d3888684f402ec660f9e83acffdf9918

  • SSDEEP

    1536:aU/ihgkl94hm7JmrR3fmt3XUwXfzwE57pvJXeYZ6:F/CgkVmrNmFPzwm7pJXeK6

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory