General

  • Target: 03fefde3fb961cb236dcec7f4dec9844eda9c9aeac42be39d360927ff9e3be6fN
  • Size: 1.2MB
  • Sample: 241110-s441vszelg
  • MD5: d3738301635054289263ae1131f36fe0
  • SHA1: 78d2f195fc847b570d59658e01e9191dfc628b7d
  • SHA256: 03fefde3fb961cb236dcec7f4dec9844eda9c9aeac42be39d360927ff9e3be6f
  • SHA512: 72e100185b80dc5a4adcd81f98264c47e1317e7eb53f49bc06b92129f78b362ac2d03db32889d894e193e1dab67ef67997dad28a6112aead2c070a021039133e
  • SSDEEP: 24576:iE3njaPh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2EvZHp3oWQy60as:93njEbazR0vKLXZWy60as

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php
  • C2: http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 03fefde3fb961cb236dcec7f4dec9844eda9c9aeac42be39d360927ff9e3be6fN
    • Size: 1.2MB
    • MD5: d3738301635054289263ae1131f36fe0
    • SHA1: 78d2f195fc847b570d59658e01e9191dfc628b7d
    • SHA256: 03fefde3fb961cb236dcec7f4dec9844eda9c9aeac42be39d360927ff9e3be6f
    • SHA512: 72e100185b80dc5a4adcd81f98264c47e1317e7eb53f49bc06b92129f78b362ac2d03db32889d894e193e1dab67ef67997dad28a6112aead2c070a021039133e
    • SSDEEP: 24576:iE3njaPh2kkkkK4kXkkkkkkkkhLX3a20R0v50+YNpsKv2EvZHp3oWQy60as:93njEbazR0vKLXZWy60as

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks