General

  • Target

    a36061b5a31821d936bc1dc565cf431a56fc6fd97802db0844b2d04a68156239

  • Size

    52KB

  • Sample

    241110-bk4sbavqgt

  • MD5

    d1c5f19ec47d7f858a65f422ac47b3ef

  • SHA1

    211cc0ba4f420f9937a6f76d175f179857f049b8

  • SHA256

    a36061b5a31821d936bc1dc565cf431a56fc6fd97802db0844b2d04a68156239

  • SHA512

    8afb53abd8e3390295cea7cfcc58435ae31e73301e054d29bb5e5bf1d7b991f6eb7c280877c61903dff7072c33a8901135e7797ddf2b452a3a5ad1ca69b28c1c

  • SSDEEP

    1536:Lo+3FJYgY7Nj5DRcybH4KZF8QMQIi/95yEhr+LMAdKZ:Lp6rl5yWiLMRZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks