General

  • Target

    34841a13f96e9a9004e39fcedf574be371405ad1620cf3832804d3dfbd1ea7acN

  • Size

    97KB

  • Sample

    241110-b7q5qszlcp

  • MD5

    b1eb8011e5822af13bcec6f66eb48150

  • SHA1

    c4d927ba6ad6f2daa9efcd06043128c71fea3554

  • SHA256

    34841a13f96e9a9004e39fcedf574be371405ad1620cf3832804d3dfbd1ea7ac

  • SHA512

    bd91ffb604b73aa3a663fba87c6dbeca459834121fbd7209adbdaddc8ff127cb9095a15f4cfb9d1f2e237614af20092582c1a161e6f2c665288a6ab77479a626

  • SSDEEP

    1536:aqtItAyIINcIEaf64ebwyJa4XUwXfzwE57pvJXeYZ6:cAyIINcIEaf6NNJasPzwm7pJXeK6

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15