General

  • Target

    136f600bdc00ed5371b07268949cc450f0e275d6b24d1c0549cbedfb34935aa3N

  • Size

    192KB

  • Sample

    241110-bfb7haypbq

  • MD5

    e2b46f640e8d8dab4a146fd7723e0870

  • SHA1

    eb3e24100bffa9d9b8077c7b654a984e30898a58

  • SHA256

    136f600bdc00ed5371b07268949cc450f0e275d6b24d1c0549cbedfb34935aa3

  • SHA512

    c4328df3771effbb10a248d3dd97618b6df2e7b1b2347ae47ed99f3bcda176d12a6ab5c3fd2e2d981f92e1f377903ea34ba127550ee0f73cb9f983dc356b6f2e

  • SSDEEP

    3072:qywKQJh5FjHS65TRkG24ho1mtye3lFDrFDHZtO8jJkiUi8ChpBhx5Zd424hoc:B2/grsFj5tPNki9HZdc

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
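The report lists the sample's hashes and the two C2 URLs extracted from the Berbew config. The following script is an added example (not part of the sandbox report) that a responder can use to confirm a file in hand is this exact sample and to scan it for the extracted C2 indicators; the hashes and URLs are copied from the report, the in-memory sample buffer is constructed for the demonstration, and the ASCII/UTF-16LE string search is a generic technique rather than a description of how the sandbox extracted the config.

```python
"""Check a held file against the report's hashes and scan it for the
extracted Berbew C2 URLs and hosts.  Added example; not from the report."""
import hashlib
import re

# Hashes copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "e2b46f640e8d8dab4a146fd7723e0870",
    "sha1": "eb3e24100bffa9d9b8077c7b654a984e30898a58",
    "sha256": "136f600bdc00ed5371b07268949cc450f0e275d6b24d1c0549cbedfb34935aa3",
    "sha512": "c4328df3771effbb10a248d3dd97618b6df2e7b1b2347ae47ed99f3bcda176d1"
              "2a6ab5c3fd2e2d981f92e1f377903ea34ba127550ee0f73cb9f983dc356b6f2e",
}

# C2 URLs copied from the report's "Malware Config" section; the host list
# is derived from them so a sample that only embeds the domain still hits.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
C2_HOSTS = sorted({re.match(r"https?://([^/]+)", u).group(1) for u in C2_URLS})


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests agree with the report.
    Any single mismatch means this is not the analysed file (e.g. a repacked
    or truncated copy), so do not treat the report's behaviours as verified."""
    computed = hash_bytes(data)
    return all(computed[algo] == expected for algo, expected in REPORT_HASHES.items())


def find_c2_indicators(data: bytes) -> list:
    """Search the raw bytes for each URL/host as ASCII and as UTF-16LE
    (Windows binaries commonly store strings either way)."""
    hits = set()
    for needle in C2_URLS + C2_HOSTS:
        for encoding in ("ascii", "utf-16-le"):
            if needle.encode(encoding) in data:
                hits.add(needle)
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Summarise identity and indicator hits for a candidate sample."""
    return {
        "size": len(data),
        "hash_match": matches_report(data),
        "c2_hits": find_c2_indicators(data),
    }


# Constructed stand-in for a sample: a fake header, one C2 URL as ASCII and
# the C2 host as UTF-16LE.  It is NOT the real file, so the hashes will not match.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"http://tat-neftbank.ru/kkq.php\x00"
    + "tat-neftbank.ru".encode("utf-16-le")
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `hash_match` of False with C2 hits present is the common real-world situation (a related build or a re-dropped copy); it tells you the indicators apply but the report's exact behaviour list should be re-confirmed by detonating the file you actually hold.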

Targets

    • Target

      136f600bdc00ed5371b07268949cc450f0e275d6b24d1c0549cbedfb34935aa3N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
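The four behaviour signatures above are what the sandbox flagged for this sample. As an added example (not the sandbox's own signature logic), the script below shows how the same four behaviours can be flagged from a stream of endpoint events, including the stateful part: "executes dropped EXE" and "loads dropped DLL" only count when the image was first written by the sample. The event records are constructed for the demonstration, and the registry location used for "autorun key loaded by Explorer.exe" is an assumption (the report names no specific key), so adjust it to whatever your telemetry and the real sample show.

```python
"""Flag the report's four behaviours over a list of endpoint events.
Added example with constructed events; not the sandbox's signature code."""

SYSTEM32 = "c:\\windows\\system32\\"

# Assumed registry location that Explorer.exe loads at startup; the report
# does not name the key, so treat this as a placeholder to be confirmed.
EXPLORER_AUTORUN_KEYS = (
    "\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload",
)

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_SYSTEM32 = "Drops file in System32 directory"


def detect(events):
    """Return the sorted set of report signatures triggered by the events.
    Each event is a dict with a 'type' of file_write, reg_set,
    process_create or image_load plus the field that type needs."""
    dropped = set()      # paths the sample wrote; later execution/load must match one
    findings = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                findings.add(SIG_SYSTEM32)
        elif kind == "reg_set":
            key = ev["key"].lower()
            if any(k in key for k in EXPLORER_AUTORUN_KEYS):
                findings.add(SIG_AUTORUN)
        elif kind == "process_create":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".exe"):
                findings.add(SIG_EXEC_DROPPED)
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                findings.add(SIG_LOAD_DROPPED)
    return sorted(findings)


# Constructed event sequence: the sample drops an EXE and a DLL, runs the EXE,
# registers the DLL under the assumed Explorer autorun key, and Explorer loads it.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"},
    {"type": "file_write", "path": "C:\\Windows\\System32\\dropped.dll"},
    {"type": "process_create", "image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"},
    {"type": "reg_set",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Web Event Logger"},
    {"type": "image_load", "process": "explorer.exe", "image": "C:\\Windows\\System32\\dropped.dll"},
    # Benign load of a DLL the sample never wrote: must not trigger anything.
    {"type": "image_load", "process": "explorer.exe", "image": "C:\\Windows\\System32\\kernel32.dll"},
]

# Control sequence: a DLL load with no preceding write is not a "dropped DLL".
BENIGN_EVENTS = [
    {"type": "image_load", "process": "explorer.exe", "image": "C:\\Windows\\System32\\kernel32.dll"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    for sig in detect(SAMPLE_EVENTS):
        print(sig)
```

The ordering dependency is the point: a write followed by an execution or load is the signal, while the same load without a preceding write from the sample is ordinary system activity, which is why the control sequence yields nothing.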

MITRE ATT&CK Enterprise v15

Tasks