General

  • Target: c0b7adff58c9384b9b8f3e0654840e85ad4a270f00900f9d0c75f33244a9e998

  • Size: 411KB

  • Sample: 241110-cs1ajaxdmn

  • MD5: bccf599127fa2da691aa29e9fe71b835

  • SHA1: 86ab9a7f5bfac92abd34dcb77576d46bf1f4a194

  • SHA256: c0b7adff58c9384b9b8f3e0654840e85ad4a270f00900f9d0c75f33244a9e998

  • SHA512: 40b0cb4088520665618ccce980a40d47997f8a9d0f6d777568bcc3b56dfd2d4a1f4ed33f46114cace2f838725da5db322a444a0642d8c10d17510cb4cc3fae77

  • SSDEEP: 6144:ZXMcU86s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nr0xuIKjyAH9SKO:Z8ck705kWM/9J6gqGBf/sAHZHbg5

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: c0b7adff58c9384b9b8f3e0654840e85ad4a270f00900f9d0c75f33244a9e998 (hashes and size as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15