General

  • Target

    bbe5953e590738fd426de73cf6a0808f014d86b86010e8d7096f01293de7fa09N

  • Size

    64KB

  • Sample

    241110-sqw34azcjh

  • MD5

    65a0216c44b9311e85dcbad96f09c2e0

  • SHA1

    c7bb0224d63c551119c2f351a190b539e78abb6e

  • SHA256

    bbe5953e590738fd426de73cf6a0808f014d86b86010e8d7096f01293de7fa09

  • SHA512

    eef879305c0eb93a752adf25c21bcb4693218af9a41bf492bc4194cb9d8a3fc7ae783ff7f31e2c68d9f6408a1c30996ec6b482885b5477c386517276144a4f94

  • SSDEEP

    768:+EF2qE5M6Nw96DlCK8TugJPw45mBtNKnhXGwJ//1H5sh6XJ1IwEGp9ThfzyYsHv:+EF2fJw8RClwVUdPJXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks