General

  • Target: 5ed086bc02ad1d0991dc4f45454761250f685ccba1ec01b7af4ca8dc491639bcN
  • Size: 90KB
  • Sample: 241110-mt7fcavflk
  • MD5: c603dc51ece71ac252e57add9eec2820
  • SHA1: e54fb284faa3ff9773e60e10ab4dcb6441a33279
  • SHA256: 5ed086bc02ad1d0991dc4f45454761250f685ccba1ec01b7af4ca8dc491639bc
  • SHA512: bab27e2ee593afe1e67bc1482184d39f18ad85e57e710eb5844952bb0a03672c0d9c83e71af7b2a2b5f698852bcd118f1b161736bfb11c723b71c5e30d8a690c
  • SSDEEP: 1536:yhbUti1etMxCV2s8etliVI9yVnQQC4fl8k/7TZP:gwN+xC4s9tliV83T498a7TZP

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 5ed086bc02ad1d0991dc4f45454761250f685ccba1ec01b7af4ca8dc491639bcN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
