General

  • Target: cb9fb5a74c1762e17ba7f668103fb4950fdf841db8f7bcb1d2f00778f491d9a7N
  • Size: 72KB
  • Sample: 241110-wn1v2svpaj
  • MD5: 23b67dedb12341622462bc58877d36f0
  • SHA1: bcb94f0e245821865ef0796b9a5298e403a0cb12
  • SHA256: cb9fb5a74c1762e17ba7f668103fb4950fdf841db8f7bcb1d2f00778f491d9a7
  • SHA512: 936f7a354c6da633c07106122abec94115a6df1213f27507b6e8e97662069890a5c65947d47ce05f32ee9fd65d510985488a23446d76c496b7e811c4cefa48c8
  • SSDEEP: 1536:52XUiYJ7/2DDtCtIARoJGIPgUN3QivEtA:5SxYJ7/IhARoIIPgU5QJA

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php
  • C2: http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks