General

  • Target

    b38ec2d4c81931e03a95994ea1e0c63f2090b2de4a52b3ba7ff18624b4d6b4acN

  • Size

    45KB

  • Sample

    241110-cgsrbazmhr

  • MD5

    61d92f710495df4676046ac903b9d310

  • SHA1

    2af98acece4dff57dddd408d6ae1155d00c7ad91

  • SHA256

    b38ec2d4c81931e03a95994ea1e0c63f2090b2de4a52b3ba7ff18624b4d6b4ac

  • SHA512

    bb29eed834f84db8af9b2becce10c6ca3c838358b79f61dcd916658de8cfa837a68df5814a4cafb65b2ef6332eb586a543f57909fbb8c5077bb05ac95afd3515

  • SSDEEP

    768:lW0AuHaf76OD5cvdrSfzj4JZjxE1FrwnW+VKwMgmE7t11eVhWnHiD+bfw/1H5W:lW0AJJcEfzj4DjxGWx0wMhEP1eVI6a2s

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
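The two C2 URLs above are the actionable indicators in this config. Below is an added example (not part of the sandbox report) showing how a responder would turn them into host- and URL-level indicators and sweep Squid-style proxy logs for them. Only the two URLs come from the report; the log lines, client addresses and the access.log layout are constructed for illustration. Host-only hits are reported separately, because the path can change while the domain stays in use, and because a sinkholed or re-registered domain still tells you which machines carried the implant.

```python
"""Sweep proxy logs for the Berbew C2 URLs listed in this report.

Added example, not part of the sandbox report. The log lines below are
constructed; only the two C2 URLs are taken from the report.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the report's "Malware Config" section.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def build_indicators(urls):
    """Derive host-level and (host, path) indicators from the C2 URLs.

    Host-level matching is kept separately: the operator can move to a
    different path, or the domain can be sinkholed, while the host stays
    the same, and a URL-only match would miss that traffic.
    """
    hosts, full = set(), set()
    for u in urls:
        p = urlsplit(u)
        hosts.add(p.hostname.lower())
        full.add((p.hostname.lower(), p.path))
    return hosts, full


HOSTS, URLS = build_indicators(C2_URLS)

# Squid native access.log: "<ts> <duration> <client> <result> <bytes> <method> <url> ..."
SQUID_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def match_line(line):
    """Return (client, verdict, url) if the line touches a C2 indicator, else None.

    verdict is "url" for an exact host+path hit and "host" for a host-only hit
    (other paths on the C2 domain, or a CONNECT to it).
    """
    m = SQUID_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    # CONNECT lines carry "host:port" with no scheme; normalise so urlsplit works.
    p = urlsplit(url if "://" in url else "http://" + url)
    host = (p.hostname or "").lower()
    if (host, p.path) in URLS:
        return (m.group("client"), "url", url)
    if host in HOSTS:
        return (m.group("client"), "host", url)
    return None


def scan(lines):
    """Run match_line over an iterable of log lines and keep the hits, in order."""
    return [hit for hit in (match_line(line) for line in lines) if hit]


# Constructed sample log lines (hypothetical clients and timestamps, not from the report).
SAMPLE_LOG = [
    "1731244800.001    120 10.0.0.12 TCP_MISS/200 512 GET http://tat-neftbank.ru/kkq.php - HIER_DIRECT/203.0.113.5 text/html",
    "1731244801.447     80 10.0.0.12 TCP_MISS/200 2048 GET http://tat-neftbank.ru/wcmd.htm - HIER_DIRECT/203.0.113.5 text/html",
    "1731244802.003     50 10.0.0.33 TCP_MISS/404 300 GET http://tat-neftbank.ru/other.php - HIER_DIRECT/203.0.113.5 text/html",
    "1731244802.900    900 10.0.0.33 TCP_TUNNEL/200 4096 CONNECT tat-neftbank.ru:443 - HIER_DIRECT/203.0.113.5 -",
    "1731244803.100     60 10.0.0.40 TCP_MISS/200 100 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    for client, verdict, url in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{url}")
```

The same indicator set can be fed to DNS logs or a web proxy blocklist; when doing so, block on the host and alert on the full URL, since the paths in a Berbew config are just what this sample was built with.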

Targets

    • Target

      b38ec2d4c81931e03a95994ea1e0c63f2090b2de4a52b3ba7ff18624b4d6b4acN

    • Size

      45KB

    • MD5

      61d92f710495df4676046ac903b9d310

    • SHA1

      2af98acece4dff57dddd408d6ae1155d00c7ad91

    • SHA256

      b38ec2d4c81931e03a95994ea1e0c63f2090b2de4a52b3ba7ff18624b4d6b4ac

    • SHA512

      bb29eed834f84db8af9b2becce10c6ca3c838358b79f61dcd916658de8cfa837a68df5814a4cafb65b2ef6332eb586a543f57909fbb8c5077bb05ac95afd3515

    • SSDEEP

      768:lW0AuHaf76OD5cvdrSfzj4JZjxE1FrwnW+VKwMgmE7t11eVhWnHiD+bfw/1H5W:lW0AJJcEfzj4DjxGWx0wMhEP1eVI6a2s

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
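The signatures above describe the persistence chain a host-based detection should catch: a file dropped into System32, then an autorun value that Explorer.exe reads at logon pointing at it. The following is an added example (not from the report and not Berbew's own code) that applies those two rules to Sysmon-style registry (Event ID 13) and file-create (Event ID 11) events and raises a higher-confidence finding when the same process does both. The event lines, image paths and the dropped file name are constructed; the autorun key list is the set of documented Windows logon autostart locations, and the report does not say which of them this sample wrote, so treat that mapping as an assumption.

```python
"""Flag the persistence behaviour this report attributes to the sample
(autorun key loaded by Explorer.exe, file dropped into System32) in
Sysmon-style events.

Added example, not part of the sandbox report. Event lines are constructed
in a simplified key="value" form rather than Sysmon's XML; the registry
paths are documented Windows logon autostart locations (assumption: the
report's signature fired on one of these).
"""
import re
from collections import defaultdict

# Registry values read at logon by Explorer.exe / Winlogon. Matched on the
# tail of the key so HKLM/HKCU and Wow6432Node variants are all covered.
AUTORUN_KEY_TAILS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
    r"\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
)
SYSTEM32 = "c:\\windows\\system32\\"

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Turn one key="value" event line into a dict."""
    return dict(KV_RE.findall(line))


def is_autorun_key(target_object):
    """True if the registry path is an autostart key, or a value under one.

    Run-style keys hold the value name as the last component (Run\\name), while
    Winlogon\\Shell and Winlogon\\Userinit are themselves the value, so both the
    full path and its parent key are checked.
    """
    low = target_object.lower()
    parent = low.rpartition("\\")[0]
    return any(low.endswith(t.lower()) or parent.endswith(t.lower())
               for t in AUTORUN_KEY_TAILS)


def analyze(lines):
    """Return findings as (rule, image, detail) tuples, in event order.

    Rules:
      system32_drop                   - a non-System32 process created a file in System32
      autorun_key                     - any process set an autostart registry value
      dropped_file_registered_autorun - the autostart value points at a file the
                                        same process dropped into System32 earlier
    """
    findings = []
    dropped = defaultdict(set)  # image -> lower-cased System32 paths it created
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == "11":
            f = ev.get("TargetFilename", "")
            if f.lower().startswith(SYSTEM32) and not image.lower().startswith(SYSTEM32):
                dropped[image].add(f.lower())
                findings.append(("system32_drop", image, f))
        elif eid == "13" and is_autorun_key(ev.get("TargetObject", "")):
            details = ev.get("Details", "")
            findings.append(("autorun_key", image, ev["TargetObject"]))
            if any(path in details.lower() for path in dropped[image]):
                findings.append(("dropped_file_registered_autorun", image, details))
    return findings


# Constructed events (hypothetical paths; "dropped.exe" is a placeholder name).
EVENTS = [
    r'EventID="11" Image="C:\Users\victim\Downloads\sample.exe" TargetFilename="C:\Windows\System32\dropped.exe"',
    r'EventID="13" Image="C:\Users\victim\Downloads\sample.exe" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dropped" Details="C:\Windows\System32\dropped.exe"',
    r'EventID="13" Image="C:\Windows\System32\svchost.exe" TargetObject="HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start" Details="DWORD (0x00000002)"',
    r'EventID="11" Image="C:\Windows\System32\TrustedInstaller.exe" TargetFilename="C:\Windows\System32\drivers\etc\hosts"',
]

if __name__ == "__main__":
    for rule, image, detail in analyze(EVENTS):
        print(f"{rule}\t{image}\t{detail}")
```

The System32 rule excludes writers that themselves live in System32 to keep servicing noise out; in production you would instead key on signer or on a baseline of known installers, since an implant that has already been copied into System32 and re-executed (the "Executes dropped EXE" signature above) would pass that filter.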

MITRE ATT&CK Enterprise v15

Tasks