General

  • Target: c7592e506b8717c40fc21ba7a3ac336e7009513f4e93492b5f48e64c6305c04eN
  • Size: 448KB
  • Sample: 241110-mxhamawake
  • MD5: d04d24f672c5b70ec0f419a3987083d0
  • SHA1: 8f4c091ca570a352a8febffb15a0432822dedc57
  • SHA256: c7592e506b8717c40fc21ba7a3ac336e7009513f4e93492b5f48e64c6305c04e
  • SHA512: abd22d56714706e59335cb456e642448c3446b2df0c88f3ae916cc5461289f5366274eee22a75fe9c13b1488d1527e2c1386bbc72693df9692a682a1dfcef91f
  • SSDEEP: 6144:lqytT/d6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nr0xuIKjyAH9S7:oyRo705kWM/9J6gqGBf/sAHZHbgdhgi

Malware Config

Extracted

Family: berbew

C2:
  http://tat-neftbank.ru/kkq.php
  http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks