General

  • Target: a8d8946eca34a60fd937141bb3c61cc0cec957739aa273a7623e500c3335cf93N
  • Size: 91KB
  • Sample: 241110-qkynmaxejk
  • MD5: 85ecc358b1bd95d65d83205b7710eec0
  • SHA1: fffb062ad0dff82dbd43e2492b482f765d71a53c
  • SHA256: a8d8946eca34a60fd937141bb3c61cc0cec957739aa273a7623e500c3335cf93
  • SHA512: b24a4a0be3f73fc0d5e82e47318ab087ddae778dc52580217aba74636cd23377e27f91f7263d2457cb1d0552003ba1d28a1ed23bd9cfb050beb9a040451791b7
  • SSDEEP: 1536:WgcZgBkCrKqlQdyR2ylLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45J:ncZ8nrKEQdyEylLBsLnVUUHyNwtN4/nG

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks