General

  • Target

    db12492b0f537529fc23999684936e7ea715648bade62a67a6fabf37db2c7161

  • Size

    512KB

  • Sample

    241110-dw5j4ayene

  • MD5

    b991d43edc17f22ca20e5c383b03adbb

  • SHA1

    ca944a51beece7bb96870ae549b71c94f3243b9b

  • SHA256

    db12492b0f537529fc23999684936e7ea715648bade62a67a6fabf37db2c7161

  • SHA512

    dc9376aa962a33bec7674e44bd97d753303e746fde1876be9820ada66ef2f4afc481763f7f1c9d7b244d80dae69989ac96ff75443aab964724ab9b6f7a64b1e4

  • SSDEEP

    6144:ESYfBhvavUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:ELBhpUG5t1sI5yl48pArv8o4L

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks