General

  • Target

    4e8c64fec110a536b932b3662b9151554dda6b30a95058d1dfcaff2a2ed52155N

  • Size

    45KB

  • Sample

    241110-cjzbwaxdlb

  • MD5

    4cc0f4c8062607697c6504a9f080cd80

  • SHA1

    d76c9ee41dd3ce43c8e87febb25a401b8a42dcbd

  • SHA256

    4e8c64fec110a536b932b3662b9151554dda6b30a95058d1dfcaff2a2ed52155

  • SHA512

    4b429940b648b18d96d5e947289f4ac4c53e3369748fc528feb907d7520c0f14bacbcc3cf3c4abbdfa997ca3a774e1cedf6c0fed5e398add46f0bf436ace0b16

  • SSDEEP

    768:JkaEI0ZAm8SKM2r8xBw2bElxm1EVLvyDUd4x5Z/1H58:d0ISXUYpou1q2Ud4vTe

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks