General

  • Target

    9e63d4d493c2789f1dd7f523cc27436b15c0799a6629e15c82b0572ae2088e12

  • Size

    91KB

  • Sample

    241110-besg4awejg

  • MD5

    876847c0983a9c96ea228278cfbc63f8

  • SHA1

    374db4a5623a69af0b5093ae4a25f23f8be9c0b2

  • SHA256

    9e63d4d493c2789f1dd7f523cc27436b15c0799a6629e15c82b0572ae2088e12

  • SHA512

    e2a8075b61943e2e90c29cf647c0526ee22b53e72c57e7492678f7afa95de6136d82a011adb207c0bb2d68d0950afc794a09c5206ce329467cd91b060261b60c

  • SSDEEP

    1536:MGSKn+s/TMPLeESaWirVROw9e9FalLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhC:HSKMzeHaWEEFalLBsLnVUUHyNwtN4/nG

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9e63d4d493c2789f1dd7f523cc27436b15c0799a6629e15c82b0572ae2088e12

    • Size

      91KB

    • MD5

      876847c0983a9c96ea228278cfbc63f8

    • SHA1

      374db4a5623a69af0b5093ae4a25f23f8be9c0b2

    • SHA256

      9e63d4d493c2789f1dd7f523cc27436b15c0799a6629e15c82b0572ae2088e12

    • SHA512

      e2a8075b61943e2e90c29cf647c0526ee22b53e72c57e7492678f7afa95de6136d82a011adb207c0bb2d68d0950afc794a09c5206ce329467cd91b060261b60c

    • SSDEEP

      1536:MGSKn+s/TMPLeESaWirVROw9e9FalLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhC:HSKMzeHaWEEFalLBsLnVUUHyNwtN4/nG

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks