General

  • Target: e7a58f038630e0397c2006b8bfada019335a0dee67566c76f676c2c6d7caf6a7N
  • Size: 64KB
  • Sample: 241110-wtmwdasbjn
  • MD5: 56c88f6c2759993f1d4addb567ad61b0
  • SHA1: 52c5b088b6643d528cbe718bc5914d806a5c5b0a
  • SHA256: e7a58f038630e0397c2006b8bfada019335a0dee67566c76f676c2c6d7caf6a7
  • SHA512: 6ecdf28f8b9d8e0dee9b570726509e98d3b2b1292c74ae56e81c9faa9b9b15d9c97cc23c944fb30d4348cf479e41f16d7c9b0c38a0337765eb8f679d3bf273b1
  • SSDEEP: 1536:KBny/SR7vW0AGMkVJYUaG9QlwZFWyerPFW2iwTbWv:Kly/SdPALiQ+FXaFW2VTbWv

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: e7a58f038630e0397c2006b8bfada019335a0dee67566c76f676c2c6d7caf6a7N
    • Size: 64KB
    • MD5: 56c88f6c2759993f1d4addb567ad61b0
    • SHA1: 52c5b088b6643d528cbe718bc5914d806a5c5b0a
    • SHA256: e7a58f038630e0397c2006b8bfada019335a0dee67566c76f676c2c6d7caf6a7
    • SHA512: 6ecdf28f8b9d8e0dee9b570726509e98d3b2b1292c74ae56e81c9faa9b9b15d9c97cc23c944fb30d4348cf479e41f16d7c9b0c38a0337765eb8f679d3bf273b1
    • SSDEEP: 1536:KBny/SR7vW0AGMkVJYUaG9QlwZFWyerPFW2iwTbWv:Kly/SdPALiQ+FXaFW2VTbWv

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks