General

  • Target: 72a2b9f103447dfde42f17fc09137d00d5ef462aed90c4875207077b0c607757N
  • Size: 64KB
  • Sample: 241110-bj6khsweqd
  • MD5: 8a7c19278db864ca2d928c2bb10ac710
  • SHA1: 9f215df79da5be597bdaf290cf90b10d867e6ad2
  • SHA256: 72a2b9f103447dfde42f17fc09137d00d5ef462aed90c4875207077b0c607757
  • SHA512: dd2c1d659b85ddf05163651efa989d03daff0b2c4a0f97fcb9d6d31dadab4ccd25fae17e3d5f55e368fde4256b3219bd10e6f6445a036e34f0aafc5c60315854
  • SSDEEP: 768:bOYnrV+qo2T3fc5E+KX8mTjPDKbRH+txu4+/1H54FYmGKA2kms8Y/ts/9d2NzYVp:aYrV+n2fc5E+K1zD2WyfrPFW2iwTbWv

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 72a2b9f103447dfde42f17fc09137d00d5ef462aed90c4875207077b0c607757N


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks