General

  • Target: b743e8bf7b5c1a9a903c54fc2a6a563e47dc0efc937eec6c100cd99c10f742cf
  • Size: 194KB
  • Sample: 241110-cfbreawncv
  • MD5: f38f58ed437a5ae5bf8d43498f6cfa48
  • SHA1: 4af7cfee0f52b31315a6f6aebbec4983601cbd52
  • SHA256: b743e8bf7b5c1a9a903c54fc2a6a563e47dc0efc937eec6c100cd99c10f742cf
  • SHA512: 971d5b7c357dda02026de7326c4f19bce84c23959f4dab0cd45f81d52f367f3dac9622b536a8684439b9e00fa1f7178842affc83e0fc2228ffc281989ea6e458
  • SSDEEP: 3072:qBkEBhUUyWIRAmMIM/kEmMIGumMIc/1GV:qBkEBhvhIRA5/pbuh/UV

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
