General

  • Target

    1253cc183e8c371e06ac7b28ea2da630cbc21b3962755e660654b56b46137524N

  • Size

    344KB

  • Sample

    241110-nqjqjswcjj

  • MD5

    a7cec2d8770a002e2bd4585b18b88b10

  • SHA1

    e9ead1719585992db84c2dedb2b80f131e9fb151

  • SHA256

    1253cc183e8c371e06ac7b28ea2da630cbc21b3962755e660654b56b46137524

  • SHA512

    ec0895f8487eda9229294f68bdde2ea97e067192e2b105507c6a257c9881d970c77df529aa0634e5cf2315b51251cc4f1914a4f38c7dd10b6e3c07fe9387d555

  • SSDEEP

    6144:rFCUPX6cCpX2/mnbzvdLaD6OkPgl6bmIjlQFn:ZCCCpXImbzQD6OkPgl6bmIjKn

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15