General

  • Target: 71090b19df3feeedcf8768c4eba034e541070a4b444a8e743669b9fe541ed227N
  • Size: 45KB
  • Sample: 241110-r9atjayfkl
  • MD5: b5dd08be98777a1f721f43788a0614f0
  • SHA1: 28b95cb96e3b6d68779db03f69aab28ea901075f
  • SHA256: 71090b19df3feeedcf8768c4eba034e541070a4b444a8e743669b9fe541ed227
  • SHA512: 1decd2625a70c64d55e4c5b660e69e8cbf2ce8c1ffa11b9f93e5ed5f7724a9f253be291db5fe8044bed8064ad4029269a1d7da5bd4b9bcb64e84578e4a99ce6e
  • SSDEEP: 768:joJN3duay6ok8loP3vd/ygDqGuOt6L4wq+WQqT87EllQ1d0/1H50:joJddu3vk84xbGpOt6L4wq+WQg87Ell2

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php
  • C2: http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 71090b19df3feeedcf8768c4eba034e541070a4b444a8e743669b9fe541ed227N
    • Size: 45KB


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks