General

  • Target

    903574db35b99d787a8d90fc29ff3fb34a248f1d604c021f3911b76861fd6a89N

  • Size

    67KB

  • Sample

    241110-ckna1axcjk

  • MD5

    d6a68c9f195a957924e68a10a18b2c30

  • SHA1

    d3652f7654b41e4e626ca67200789ac4da7efe99

  • SHA256

    903574db35b99d787a8d90fc29ff3fb34a248f1d604c021f3911b76861fd6a89

  • SHA512

    f5018ba64c8d8378ef3c95d562baffb67465963adfba40af11f352e4bbad072b916e788ab176a73ff74b856c29f6b7c32be64a1bf07d251149aefdbe02d82eca

  • SSDEEP

    1536:LxVeoHiEyTo0fISzQwvsJifTduD4oTxw:dBHDgQcsJibdMTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      903574db35b99d787a8d90fc29ff3fb34a248f1d604c021f3911b76861fd6a89N

    • Size

      67KB

    • MD5

      d6a68c9f195a957924e68a10a18b2c30

    • SHA1

      d3652f7654b41e4e626ca67200789ac4da7efe99

    • SHA256

      903574db35b99d787a8d90fc29ff3fb34a248f1d604c021f3911b76861fd6a89

    • SHA512

      f5018ba64c8d8378ef3c95d562baffb67465963adfba40af11f352e4bbad072b916e788ab176a73ff74b856c29f6b7c32be64a1bf07d251149aefdbe02d82eca

    • SSDEEP

      1536:LxVeoHiEyTo0fISzQwvsJifTduD4oTxw:dBHDgQcsJibdMTxw

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks