General

  • Target

    e3780617585299986d8efea91e1da9184f43b9604be77f236c3f89b9c2904e8d

  • Size

    194KB

  • Sample

    241110-d8z55sygqd

  • MD5

    804e5a6434632bb2cbf26524517d9420

  • SHA1

    b944549b8cdf984d46b07029d3e9b3fbb89eb3dc

  • SHA256

    e3780617585299986d8efea91e1da9184f43b9604be77f236c3f89b9c2904e8d

  • SHA512

    06d1064883df80fb21e6434bc97582e2061b58a863915c0fc5539b36258c56b3707271a7142ffad91ff26c23e6971023a3a1176d23848b5d6db0c710e0a84adf

  • SSDEEP

    3072:Od72Nk5oev9hbkwTmMIM/kEmMIGumMIc/1GV:Od7Wk5TpBT5/pbuh/UV
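The hashes above are the fixed-content indicators for this sample. The following Python is an added example, not part of the report, showing how to verify a file on disk against them without trusting a single algorithm; the function names and the constructed test bytes are assumptions of the example. The SSDEEP value is only parsed into its block size here, since fuzzy matching needs the ssdeep library, which is not used.

```python
import hashlib

# Indicators copied from the report above. Keys are hashlib algorithm names.
IOCS = {
    "md5": "804e5a6434632bb2cbf26524517d9420",
    "sha1": "b944549b8cdf984d46b07029d3e9b3fbb89eb3dc",
    "sha256": "e3780617585299986d8efea91e1da9184f43b9604be77f236c3f89b9c2904e8d",
    "sha512": "06d1064883df80fb21e6434bc97582e2061b58a863915c0fc5539b36258c56b3"
              "707271a7142ffad91ff26c23e6971023a3a1176d23848b5d6db0c710e0a84adf",
}
TARGET = "e3780617585299986d8efea91e1da9184f43b9604be77f236c3f89b9c2904e8d"
SSDEEP = "3072:Od72Nk5oev9hbkwTmMIM/kEmMIGumMIc/1GV:Od7Wk5TpBT5/pbuh/UV"


def hash_bytes(data: bytes) -> dict:
    """Compute every digest listed in IOCS over an in-memory buffer."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, but streamed so large files are not
    read into memory at once (hypothetical helper for on-disk samples)."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_iocs(digests: dict, iocs: dict = IOCS) -> list:
    """Names of the algorithms whose digest equals the report's value.
    Hex case is normalised because threat feeds mix upper and lower case;
    an empty list means the file is not this sample."""
    return [name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()]


def parse_ssdeep(sig: str):
    """Split an ssdeep signature 'blocksize:chunk:double_chunk'.
    The first chunk is computed at blocksize, the second at 2*blocksize;
    only signatures with equal or adjacent block sizes are comparable."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    return int(blocksize), chunk, double_chunk


if __name__ == "__main__":
    # Constructed input: not the sample, so no indicator should match.
    print(matching_iocs(hash_bytes(b"constructed test bytes")))
    print(parse_ssdeep(SSDEEP)[0])
```

A match on all four algorithms is the normal result for the genuine sample; a match on MD5 alone with a different SHA-256 would point at a collision or a corrupted feed entry and should be treated as no match.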

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
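The two extracted C2 URLs are the network indicators worth hunting for. The Python below is an added example written for this page, not part of the report or of any Berbew tooling: it normalises each URL into host and path, scans proxy log lines for exact URL hits and for host-only hits (including subdomains, which the report does not list but a host-level block would cover), and emits Suricata rules for the same indicators. The log format, timestamps and client addresses are constructed for the example, and the function names are assumptions.

```python
from urllib.parse import urlsplit

# C2 URLs from the report's extracted configuration.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def _normalise(url: str):
    """Lower-case host with any port removed, plus the path ('/' if empty)."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), (parts.path or "/")


C2_PAIRS = {_normalise(u) for u in C2_URLS}
C2_HOSTS = {host for host, _ in C2_PAIRS}


def classify_request(url: str):
    """'c2_url' on an exact host+path hit, 'c2_host' when only the host
    (or a subdomain of it) matches, None otherwise. A path such as
    /kkq.php on an unrelated host is deliberately not a hit."""
    host, path = _normalise(url)
    if (host, path) in C2_PAIRS:
        return "c2_url"
    if host in C2_HOSTS or any(host.endswith("." + h) for h in C2_HOSTS):
        return "c2_host"
    return None


def scan_proxy_log(lines):
    """Scan lines of the constructed form
    '<timestamp> <client_ip> <method> <url> <status>' and return hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the hunt
        ts, client, method, url, status = fields[:5]
        verdict = classify_request(url)
        if verdict:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "verdict": verdict})
    return hits


def suricata_rules(sid_base: int = 1000001):
    """One HTTP rule per C2 URL using Suricata's http.host / http.uri
    sticky buffers. The SID range is an assumption; pick one that does
    not collide with your own rule set."""
    rules = []
    for i, (host, path) in enumerate(sorted(C2_PAIRS)):
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Berbew C2 {host}{path}"; flow:established,to_server; '
            f'http.host; content:"{host}"; nocase; '
            f'http.uri; content:"{path}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


# Constructed proxy log lines for the example (not real traffic).
SAMPLE_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-10T12:00:02Z 10.0.0.15 POST http://TAT-NEFTBANK.RU:80/wcmd.htm 404",
    "2024-11-10T12:00:03Z 10.0.0.22 GET http://cdn.tat-neftbank.ru/logo.png 200",
    "2024-11-10T12:00:04Z 10.0.0.22 GET http://example.com/kkq.php 200",
    "2024-11-10T12:00:05Z 10.0.0.30 GET http://nottat-neftbank.ru/x 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print("\n".join(suricata_rules()))
```

Note that a 404 from the C2 host is still reported: the beacon attempt, not the server's answer, is the evidence of infection. Matching on the host rather than only the full URL also catches the case where the operator rotates the script name but keeps the domain.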

Targets

    • Target

      e3780617585299986d8efea91e1da9184f43b9604be77f236c3f89b9c2904e8d

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks