General

  • Target: ae5b9587f04bd85286f0f884199a66e8ddf4b9bba1e65344a0318fa9aeda2058N
  • Size: 345KB
  • Sample: 241110-bjzf7sypgn
  • MD5: f6eeaf843287f4d757d1551575f9bcd0
  • SHA1: b010293f7fb6b482111bef7dbed656b2e77d689b
  • SHA256: ae5b9587f04bd85286f0f884199a66e8ddf4b9bba1e65344a0318fa9aeda2058
  • SHA512: 97db2f9e81b9b7db7ad53b2151222797549e20e4c1d6c6d897b6c94aa0c227c5cf4bd3cacb8e4109e42420256e9c90440de66040b83caa9980d71d18b2642b4e
  • SSDEEP: 6144:FwLKM1mMaB4muz14QaYgTt+scaHACw6Ykw/a8dWBtp27DpomqcPMwNFN6aeK9kc:3X1uznghoaHACwBkka8eGp7dPRr6aeKr

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks