General

  • Target

    cb1ca78fdd1cea671c79f2275cf4325ab90e17931c45864a0797fc58a2ad5aa8N

  • Size

    219KB

  • Sample

    241110-bxb8tswfqn

  • MD5

    e9aea67583e0b3e9b4e5ab6f487b8c70

  • SHA1

    7740b56f2412abcaec4d9dce63d2258df3651ff6

  • SHA256

    cb1ca78fdd1cea671c79f2275cf4325ab90e17931c45864a0797fc58a2ad5aa8

  • SHA512

    4012fb0a46a6933b4dc0e54babc2ed30f70a1895c9b9c3643f433a95321c2f7390631378b3928e58d0261f2dfc2bdfc5cec3976e1d5288f3d16c3fd924cfd15e

  • SSDEEP

    3072:8MdJ+OeAVha2PzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:8vdA+0zDOO0aDD4PCxdXXwSfYrwB

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      cb1ca78fdd1cea671c79f2275cf4325ab90e17931c45864a0797fc58a2ad5aa8N

    • Size

      219KB

    • MD5

      e9aea67583e0b3e9b4e5ab6f487b8c70

    • SHA1

      7740b56f2412abcaec4d9dce63d2258df3651ff6

    • SHA256

      cb1ca78fdd1cea671c79f2275cf4325ab90e17931c45864a0797fc58a2ad5aa8

    • SHA512

      4012fb0a46a6933b4dc0e54babc2ed30f70a1895c9b9c3643f433a95321c2f7390631378b3928e58d0261f2dfc2bdfc5cec3976e1d5288f3d16c3fd924cfd15e

    • SSDEEP

      3072:8MdJ+OeAVha2PzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:8vdA+0zDOO0aDD4PCxdXXwSfYrwB

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks