General

  • Target

    7ed666c57e20f6d60642238c8463c62ae54db500ab53276bb89d5438d6a0ad65N

  • Size

    64KB

  • Sample

    241110-nplhravph1

  • MD5

    78ffd280d46353409bd5f3947ba3f6e0

  • SHA1

    51dd878bb60e5345259dfd3ed21d18a9bb442b28

  • SHA256

    7ed666c57e20f6d60642238c8463c62ae54db500ab53276bb89d5438d6a0ad65

  • SHA512

    63a7f9576d2ba2bd5e2b25c9b390984a1016f3015a7fa35958bfbb691c9a3d00b694713b14b379d86a60b2b47cbfe9d3a26cc2e41525d0e54c911ccf3a4cb569

  • SSDEEP

    768:tbhf6TWoaFQbEDycz4kbtqMFVQUODgT/vT8p3kBGv0Hza2/1H5Hm6XJ1IwEGp9TY:vfIVodqatqY+U66w3kB5dFXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks