General

  • Target: db7d4f21b73f11dcb85ad0165912adc3feb1ccca994f633011e9d12182300dce
  • Size: 49KB
  • Sample: 241110-dxb9yayeng
  • MD5: accca81007f8482ee6e48158c4fcbbaf
  • SHA1: f9acb5ba43f270c20f899f07d8bbf39efaaf25f2
  • SHA256: db7d4f21b73f11dcb85ad0165912adc3feb1ccca994f633011e9d12182300dce
  • SHA512: f655d11e8ac44a69782a038acb37bee97d79c9a708cb4ceba5e50a0d1c972d6abd2fdd9e847e6f0eff5b2f19809fffbb6bbe2fb53a923402359329e1a717af04
  • SSDEEP: 768:Eqt9xYPSLynv2ueVJ4wfFc5UmrQOyQE8cdpf0GdkjHFc/1H5/q2Xdnh:Eq9YPLnIJ4wfySmrQOHcdZ0qoHFSd

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: db7d4f21b73f11dcb85ad0165912adc3feb1ccca994f633011e9d12182300dce (size and hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks