General

  • Target

    9440d199d1d7358341b8f8a5ef21265bd60c1fbc86b44a6fe98d06ad35fe505bN

  • Size

    63KB

  • Sample

    241110-mp84dayjhl

  • MD5

    3f6b1efc131c5a4bd3dfa7e4ca4e4280

  • SHA1

    1a19b21e36f86a50efb9f78f89555079347cd137

  • SHA256

    9440d199d1d7358341b8f8a5ef21265bd60c1fbc86b44a6fe98d06ad35fe505b

  • SHA512

    6a1b72525627da7e70e1c503d55be023a16849a24b4d47127fade132e87ec35a0d99df232bb98c08aa711b384f87ebf8fec28738c202c61933fb06693bdb346b

  • SSDEEP

    768:PdVtJiyVoml0BwsUFDd0gEVhBzaak/1H5oVEsmrUTvn93b7NRDMFME3eUgU:PdjJDqBz/6+VgEn9rjDHE

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
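The hashes under General and the two C2 URLs above are the indicators this report gives an analyst to work with. The following Python is an added example, not code from the sandbox or from this page: it checks a file's exact hashes against the report and flags proxy log lines that talk to the C2 host. The hashes and URLs are copied from the report; the proxy log lines are constructed, and the SSDEEP value is deliberately left out because fuzzy matching needs the third-party ssdeep module and is not an exact comparison.

```python
"""IOC matching for the Berbew sample described in this report.

Added example, not part of the sandbox output: it checks a file's exact hashes
against the report and flags proxy log lines that talk to the C2 host.  The
proxy log lines are constructed; the hashes and URLs are copied from the report.
"""
import hashlib
from urllib.parse import urlsplit

# Exact hashes from the General section.  SSDEEP is omitted (see lead-in).
REPORT_HASHES = {
    "md5": "3f6b1efc131c5a4bd3dfa7e4ca4e4280",
    "sha1": "1a19b21e36f86a50efb9f78f89555079347cd137",
    "sha256": "9440d199d1d7358341b8f8a5ef21265bd60c1fbc86b44a6fe98d06ad35fe505b",
    "sha512": (
        "6a1b72525627da7e70e1c503d55be023a16849a24b4d47127fade132e87ec35a"
        "0d99df232bb98c08aa711b384f87ebf8fec28738c202c61933fb06693bdb346b"
    ),
}

# C2 URLs from the Malware Config section.
C2_URLS = (
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
)
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}


def hash_bytes(data):
    """Compute every algorithm the report lists over an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Same as hash_bytes but streamed, so large files are not read at once."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_algorithms(hashes):
    """Return the algorithms whose digest equals the report's (case-insensitive).

    Any single exact match identifies this sample; an empty set only says the
    file is not this exact binary (a repacked Berbew would not match).
    """
    return {
        alg.lower()
        for alg, digest in hashes.items()
        if REPORT_HASHES.get(alg.lower()) == digest.lower()
    }


def scan_proxy_log(lines):
    """Flag requests to the C2 host.

    Matching is on the host rather than the full URL: the operator can rotate
    the script name, but any request to the host is worth a look.  Each hit
    records whether the path is one of the two the report captured.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        url = next((t for t in line.split() if t.startswith(("http://", "https://"))), None)
        if url is None:
            continue
        parts = urlsplit(url)
        if parts.hostname in C2_HOSTS:
            hits.append({
                "line": lineno,
                "host": parts.hostname,
                "path": parts.path,
                "known_path": parts.path in C2_PATHS,
            })
    return hits


# Constructed squid-style access log lines, not traffic from the sandbox run.
SAMPLE_PROXY_LOG = """\
1731200001.112    188 10.0.0.5 TCP_MISS/200 512 GET http://tat-neftbank.ru/kkq.php - HIER_DIRECT/192.0.2.10 text/html
1731200002.407     95 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/192.0.2.20 text/html
1731200003.771    201 10.0.0.5 TCP_MISS/404 300 GET http://tat-neftbank.ru/other.php - HIER_DIRECT/192.0.2.10 text/html
"""

if __name__ == "__main__":
    print("algorithms matching a decoy blob:", matching_algorithms(hash_bytes(b"not the sample")))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG.splitlines()):
        print(hit)
```

Treat host-level hits as leads rather than confirmed infections: a domain can be sinkholed or re-registered after a report is published, so check what the host resolves to today before escalating, and run `hash_file()` on the binary a hit leads you to for the exact identification.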

Targets

    • Target

      9440d199d1d7358341b8f8a5ef21265bd60c1fbc86b44a6fe98d06ad35fe505bN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
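The four signatures above are what the sandbox observed. The following Python is an added example, not Triage's detection logic: it shows how the same behaviours can be recovered from endpoint telemetry by replaying constructed Sysmon-style events (file create, process create, image load, registry set) and tying each later event back to a file that was dropped into the system directory. The event field names, the dropped file names (placeholders, not the sample's real drop names) and the registry watch list are assumptions; the report does not say which autorun key the sample wrote.

```python
"""Behavioural triage for the Berbew signatures listed in this report.

Added example, not Triage's own detection logic.  It replays constructed
Sysmon-style events and reports which of the report's behaviours the stream
supports.  The event schema, the dropped-file names and the registry watch
list are assumptions.
"""
import ntpath

# On 64-bit Windows a 32-bit dropper's System32 writes are redirected to
# SysWOW64, so a hunt for "drops file in System32" must cover both.
SYSTEM_DIRS = (r"c:\windows\system32\\"[:-1], r"c:\windows\syswow64\\"[:-1])

# Autostart locations consulted at logon by Winlogon/Explorer.  The report does
# not say which key the sample wrote; this list is an assumption covering the
# usual ones, not a statement about Berbew.
EXPLORER_AUTORUN_KEYS = (
    r"\software\microsoft\windows nt\currentversion\winlogon\shell",
    r"\software\microsoft\windows\currentversion\run",  # also matches RunOnce
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
)


def _norm(path):
    """Normalise a Windows path for comparison (case-insensitive, no ./..)."""
    return ntpath.normpath(path).lower()


def in_system_dir(path):
    return _norm(path).startswith(SYSTEM_DIRS)


def is_explorer_autorun(key):
    k = key.lower()
    return any(w in k for w in EXPLORER_AUTORUN_KEYS)


def triage(events):
    """Return {signature: [evidence, ...]} for the behaviours the events show.

    Dropped files are tracked by normalised path so later events can be tied
    back to them; a dropped executable that drops more files is still a dropper.
    Events are assumed to be in chronological order.
    """
    findings = {}
    drops = set()

    def note(sig, evidence):
        findings.setdefault(sig, []).append(evidence)

    for e in events:
        kind = e["type"]
        image = _norm(e["image"])
        if kind == "file_create" and in_system_dir(e["target"]):
            # Writes into the system directory by anything that is not itself
            # a system binary, or by a binary we already saw being dropped there.
            if not in_system_dir(image) or image in drops:
                drops.add(_norm(e["target"]))
                note("Drops file in System32 directory", e["target"])
        elif kind == "process_create" and image in drops:
            note("Executes dropped EXE", e["image"])
        elif kind == "image_load" and _norm(e["loaded"]) in drops:
            note("Loads dropped DLL", e["loaded"])
        elif kind == "registry_set" and is_explorer_autorun(e["key"]):
            # Require the value to reference a dropped file: plain Run-key writes
            # by legitimate installers are far too common to flag on their own.
            if any(d in e["data"].lower() for d in drops):
                note("Adds autorun key to be loaded by Explorer.exe on startup", e["key"])
    return findings


# Constructed events; file names are placeholders, not the sample's real drop names.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\victim\Desktop\sample.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "file_create", "image": r"C:\Users\victim\Desktop\sample.exe",
     "target": r"C:\Windows\System32\Dropped1.exe"},
    {"type": "file_create", "image": r"C:\Users\victim\Desktop\sample.exe",
     "target": r"C:\Windows\System32\Dropped1.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\Dropped1.exe",
     "parent": r"C:\Users\victim\Desktop\sample.exe"},
    {"type": "image_load", "image": r"C:\Windows\System32\Dropped1.exe",
     "loaded": r"C:\Windows\System32\Dropped1.dll"},
    {"type": "registry_set", "image": r"C:\Windows\System32\Dropped1.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "data": r"Explorer.exe C:\Windows\System32\Dropped1.exe"},
    # Benign noise that must not fire.
    {"type": "file_create", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\LogFiles\Scm\x.log"},
    {"type": "registry_set", "image": r"C:\Program Files\Vendor\setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "data": r"C:\Program Files\Vendor\updater.exe"},
]

if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: {evidence}")
```

The two benign events at the end show why the rules are written the way they are: a System32 binary writing a log into System32 is normal, and a Run-key entry pointing at a vendor updater is normal, so neither fires. Only writes from outside the system directory (or by something already identified as dropped) and autorun values that reference one of those drops count.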

MITRE ATT&CK Enterprise v15
