General

  • Target

    41c14a269964ddbae4ad97f5e1d4b6471a0d1031da9c18c9a358a2bf7866e8d9N

  • Size

    163KB

  • Sample

    241110-mwgbyavkez

  • MD5

    c579079522f1ee995f2b7fbb9ca9ba20

  • SHA1

    f0bfebc070348f50840012593bb2558995fb374f

  • SHA256

    41c14a269964ddbae4ad97f5e1d4b6471a0d1031da9c18c9a358a2bf7866e8d9

  • SHA512

    68dd1a51534676b28c4d4572c578555e339204d6c0ca46db90d6dba1b38dcca48bddc0fffc52f9fcb817b326a7a554e39c69c4a170106b0dffe4bfbda3928ddc

  • SSDEEP

    1536:vOci33HjXJrgqL5sVTjjFOpoZSylQtfeX90AtGRhKW+jujAEjh8DTL9GIvg/SylE:1oHhgmoTgpAYgnWAUjWDUIwLyc4F

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      41c14a269964ddbae4ad97f5e1d4b6471a0d1031da9c18c9a358a2bf7866e8d9N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
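The report above gives three kinds of indicator an analyst can act on directly: file hashes, C2 URLs, and a behavioural signature (an autorun key read by Explorer.exe). The following script, an added example and not part of the sandbox report or the Berbew family's own code, turns them into checks that run offline: it compares a file's digests against the listed hashes, flags proxy log lines that reach the extracted C2 host or URLs, and parses a .reg export for values under the registry keys Explorer.exe loads at logon. The proxy log line shape, the sample log lines and the sample registry export are constructed for the example; the specific registry keys checked (ShellServiceObjectDelayLoad and ShellExecuteHooks) are an assumption about what "loaded by Explorer.exe on startup" refers to, since the report does not name the key.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "c579079522f1ee995f2b7fbb9ca9ba20",
    "sha1": "f0bfebc070348f50840012593bb2558995fb374f",
    "sha256": "41c14a269964ddbae4ad97f5e1d4b6471a0d1031da9c18c9a358a2bf7866e8d9",
}
C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Registry keys whose values Explorer.exe itself loads at logon. The report does not say
# which key this sample writes; these are an assumption about what an analyst checks first.
EXPLORER_AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest matches the report; a single mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[name] == expected for name, expected in SAMPLE_HASHES.items())


def c2_hits(proxy_lines):
    """Return (client_ip, url) for lines whose URL or host is a C2 indicator.

    Assumed line shape (constructed for this example): '<ts> <client_ip> <method> <url> <status>'.
    Matching on host as well as full URL catches new paths on the same C2 server.
    """
    hits = []
    for line in proxy_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash mid-scan
        url = parts[3]
        if url in C2_URLS or urlsplit(url).hostname in C2_HOSTS:
            hits.append((parts[1], url))
    return hits


def explorer_autorun_entries(reg_export: str):
    """Parse .reg-style text and return (key, value_name, data) for values under EXPLORER_AUTORUN_KEYS."""
    entries = []
    current = None
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            watched = any(key.lower().startswith(k.lower()) for k in EXPLORER_AUTORUN_KEYS)
            current = key if watched else None
        elif current and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            entries.append((current, name.strip('"'), data.strip('"')))
    return entries


# Constructed sample inputs; not taken from the sandbox run.
SAMPLE_PROXY_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.7 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-10T12:00:02Z 10.0.0.8 GET http://example.com/index.html 200",
    "2024-11-10T12:00:03Z 10.0.0.7 GET http://tat-neftbank.ru/other.php 404",
]
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\x\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Placeholder"="{00000000-1111-2222-3333-444444444444}"
"""

if __name__ == "__main__":
    print("matches report hashes:", matches_sample(b"not the sample"))
    print("C2 hits:", c2_hits(SAMPLE_PROXY_LOG))
    for key, name, data in explorer_autorun_entries(SAMPLE_REG_EXPORT):
        print("Explorer autorun value:", key.rsplit("\\", 1)[-1], name, data)
```

Any value returned by explorer_autorun_entries still needs triage: legitimate Windows components (WebCheck in the constructed sample is one) live under ShellServiceObjectDelayLoad too, so compare the CLSID's InprocServer32 path against a known-good baseline before treating it as the dropped DLL.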

MITRE ATT&CK Enterprise v15