General

  • Target

    b09219f6e314dfe5d5a6a86ed31b1d546a34e50c55e08b88a9583a1e49af4d48N

  • Size

    52KB

  • Sample

    241110-nndrhswekb

  • MD5

    52fbdf97a0affcae19ef0d55183bfc10

  • SHA1

    a5256cb0e39a9d5cb102f3f7b9770c30caae4991

  • SHA256

    b09219f6e314dfe5d5a6a86ed31b1d546a34e50c55e08b88a9583a1e49af4d48

  • SHA512

    08586fede7df116b66fce0981d564adb17ebc441849a1448aff54a8c79025c70ea447c2d107feed5333f8fec33c82ba87117a25fe3671e89aee28aade8841783

  • SSDEEP

    768:u8Srt5ArhTUBqwFeCvkqqIbwsY4l31LyQbvhN4/1H5F/sXWMABvKWe:zYtuNYvQCsqTbTbLWQbpN++WMAdKZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b09219f6e314dfe5d5a6a86ed31b1d546a34e50c55e08b88a9583a1e49af4d48N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks