General

  • Target: cc1ba4f66391b02c83644267680c413ec7c698abf6b50f3253a381cd526577aaN
  • Size: 113KB
  • Sample: 241110-wqs8zssdmb
  • MD5: e1aa4a449af90ea110800359cebec610
  • SHA1: 40be6e000c691c23a18c1e3204018621df6d5028
  • SHA256: cc1ba4f66391b02c83644267680c413ec7c698abf6b50f3253a381cd526577aa
  • SHA512: 9a13e5c6f4a211ef3d8465799e0ddba7c430c5c6f32b66abca30fc61c9b3940cc3502dad37b05d7ca2966b540119b5a87d14eca2f116959dac0c208bd778be94
  • SSDEEP: 3072:sWQxDPr6y1pnCiq+IOuGkZFfFSebHWrH8wTW0:sPVpnc+97otSeWrP

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks