General

  • Target: 6ffaccef2d67ca42de011e4a4f6137d216b524a4c333c286dd1fc207014c7a2bN

  • Size: 182KB

  • Sample: 241110-ngyhcawdld

  • MD5: 11c70a43d6f5f23070a4630079a67660

  • SHA1: 6116b58f4b243afd5de4ace483d0cf9e13ee8743

  • SHA256: 6ffaccef2d67ca42de011e4a4f6137d216b524a4c333c286dd1fc207014c7a2b

  • SHA512: dade2067e83f1edc6bae6466aaac13e1486c89202b4205b85ad2fdcbca793d19df95114dbf43f37148e3fd8e2e38a4bebcb5b298bd151d9bcbc6e9d97a19b166

  • SSDEEP: 3072:/DdQbTnRmFZuYVE2ok8h8RuWFL8XpXJLCXszp7+QVk8h8RuWFL:R6mF432obuRuWFL8XpZLeszp7zVbuRuK

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks