General

  • Target: 60f3f49d2b6a3ca1a0b816113281b6537ed33a9b07478cb6fa7d1c7143a12bd3N
  • Size: 67KB
  • Sample: 241110-b5l31awldw
  • MD5: 9b03c9a3721a60c3fb95594f2dc77c10
  • SHA1: bfa4ad43714599b591a74d672560314fdd300f00
  • SHA256: 60f3f49d2b6a3ca1a0b816113281b6537ed33a9b07478cb6fa7d1c7143a12bd3
  • SHA512: 90d80d3840c2eb6ee2c451e17f3eb948a61b9f658a8c81642df61be37bd0533409e80436dc908f82aa9c7e415ae35da381e08743e6efaacfb106ae25c66662a8
  • SSDEEP: 1536:Cvb9+6KffTSh/ggBrsK5TJ2sJifTduD4oTxw:CD9UjQ/Z/50sJibdMTxw

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks