General

  • Target

    9e09be751bba25f558ca9cfc24854eda0d1ce47902ff410f61dceed957796973N

  • Size

    72KB

  • Sample

    241110-sqh68szcja

  • MD5

    7a759b71c816bcef15fe4848aeaf0b70

  • SHA1

    7d382dc5fbf6ce22e69acb5ba445e81d9fd77353

  • SHA256

    9e09be751bba25f558ca9cfc24854eda0d1ce47902ff410f61dceed957796973

  • SHA512

    a075523f421145d63c5af9185f6fd02c48523bc8e9411438be756dd8dea55c366e4aaf5307b50bf728b9d4e8c27592628ebbf2c0c91ce8060b35d02e74fe075c

  • SSDEEP

    1536:6DR4hC0CVg7bKv+q7V0GUM8Wt+n+a66b9f3SwPgUN3QivEtA:6TA7bKv+KVJPd+n+a99f37PgU5QJA

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9e09be751bba25f558ca9cfc24854eda0d1ce47902ff410f61dceed957796973N

    • Size

      72KB

    • MD5

      7a759b71c816bcef15fe4848aeaf0b70

    • SHA1

      7d382dc5fbf6ce22e69acb5ba445e81d9fd77353

    • SHA256

      9e09be751bba25f558ca9cfc24854eda0d1ce47902ff410f61dceed957796973

    • SHA512

      a075523f421145d63c5af9185f6fd02c48523bc8e9411438be756dd8dea55c366e4aaf5307b50bf728b9d4e8c27592628ebbf2c0c91ce8060b35d02e74fe075c

    • SSDEEP

      1536:6DR4hC0CVg7bKv+q7V0GUM8Wt+n+a66b9f3SwPgUN3QivEtA:6TA7bKv+KVJPd+n+a99f37PgU5QJA

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
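Added example, not part of the sandbox report and not the sample's own code: a small offline checker that (a) compares a file's digests with the hashes listed above and (b) maps a sequence of sandbox-style events onto the behaviour signatures listed for this target. The hashes and C2 URLs are copied from the report; the event schema, the dropped file names, the placeholder CLSID and the registry locations treated as "loaded by Explorer.exe" (ShellServiceObjectDelayLoad and Policies\Explorer\Run) are assumptions, since the report does not name the key the sample wrote.

```python
"""Offline IOC and behaviour check for the Berbew report above.

Added example: not sandbox code and not the sample's own code.
Hashes and C2 URLs are copied from the report; everything else is assumed.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "7a759b71c816bcef15fe4848aeaf0b70",
    "sha1": "7d382dc5fbf6ce22e69acb5ba445e81d9fd77353",
    "sha256": "9e09be751bba25f558ca9cfc24854eda0d1ce47902ff410f61dceed957796973",
}
C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
C2_HOST = "tat-neftbank.ru"

# ASSUMPTION: the report does not say which key the sample wrote. These are
# registry locations that Explorer.exe itself reads at startup (hive prefix
# stripped, lower-cased); they are used here as the definition of that signature.
EXPLORER_AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)
SYSTEM32 = "c:\\windows\\system32\\"
HIVE_PREFIX = re.compile(r"^(hklm|hkcu|hkey_local_machine|hkey_current_user)\\")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest in the report matches; one digest alone is not enough."""
    return hash_bytes(data) == REPORT_HASHES


def classify(events) -> set:
    """Map a sequence of sandbox-style events to the report's signature names.

    Event dicts use a constructed, tool-neutral schema:
      file_write(path), process_create(image), image_load(image),
      reg_set(key, data), http_request(url)
    Ordering matters: a path counts as 'dropped' only after the sample wrote it.
    """
    dropped = set()   # lower-cased paths the sample wrote
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "reg_set":
            key = HIVE_PREFIX.sub("", ev["key"].lower())
            if key.startswith(EXPLORER_AUTORUN_KEYS):
                hits.add("Adds autorun key to be loaded by Explorer.exe on startup")
        elif kind == "http_request":
            url = ev["url"]
            if url in C2_URLS or urlparse(url).hostname == C2_HOST:
                hits.add("Contacts Berbew C2")
    return hits


# Constructed event trace shaped like the behaviours in the report; the file
# names and the CLSID value are placeholders, not observed values.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": r"C:\Windows\System32\dropped_payload.exe"},
    {"type": "file_write", "path": r"C:\Windows\System32\dropped_shellobj.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\dropped_payload.exe"},
    {"type": "image_load", "image": r"C:\Windows\System32\dropped_shellobj.dll"},
    {"type": "reg_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\placeholder",
     "data": "{00000000-0000-0000-0000-000000000000}"},
    {"type": "http_request", "url": "http://tat-neftbank.ru/wcmd.htm"},
    {"type": "http_request", "url": "http://www.example.com/"},  # unrelated traffic
]

EXPECTED_SIGNATURES = {
    "Drops file in System32 directory",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds autorun key to be loaded by Explorer.exe on startup",
    "Contacts Berbew C2",
}

if __name__ == "__main__":
    for sig in sorted(classify(SAMPLE_EVENTS)):
        print("HIT:", sig)
    print("report hashes match empty input:", matches_report(b""))
```

To reuse this against real telemetry, map Sysmon or EDR records (file create, process create, image load, registry value set, HTTP/DNS) onto the five event types; the "dropped" bookkeeping is what separates "executes dropped EXE" from any process start in System32. Note that the family label in the report comes from config extraction (the two C2 URLs), not from the behaviour signatures, so the C2 hit is the only family-specific indicator here; the other four are generic persistence and staging behaviours.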

MITRE ATT&CK Enterprise v15

Tasks