General

  • Target

    3816cbaa1211f7bf2613db6206b0d6b28186e8d713a23795ae0f497e7e7b881fN

  • Size

    64KB

  • Sample

    241110-mn432ayjgj

  • MD5

    1d057623db67f64ecfa257cd12cde310

  • SHA1

    969e23fd15167f94fcb0833797c2d8ee10189641

  • SHA256

    3816cbaa1211f7bf2613db6206b0d6b28186e8d713a23795ae0f497e7e7b881f

  • SHA512

    fad0e87d1d4f67d0dc9d3b257e3d44764114645f1ff966e1f51958a6d75eca37a5dbab6d64c9b6d6aad19e2a571b1cf471c8036fd9ce000763207414e0b96ad5

  • SSDEEP

    1536:MznyreuvI3+DPOYYV9pZlLBsLnVLdGUHyNwi:LreYI3+LwZlLBsLnVUUHyNwi

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      3816cbaa1211f7bf2613db6206b0d6b28186e8d713a23795ae0f497e7e7b881fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
