General

  • Target: 2d909e8313de252e564d7aed58debbda2fce63d749052a3726e5c7f586d7c40fN
  • Size: 64KB
  • Sample: 241111-phx4msygrm
  • MD5: 41c4a2b7a70acb1caa150d0a16ad0430
  • SHA1: bdce12b3e4915a0b5f693ccdf667c7182f8ba182
  • SHA256: 2d909e8313de252e564d7aed58debbda2fce63d749052a3726e5c7f586d7c40f
  • SHA512: 4d930be66157a8f33ca275998671796e12baf9cc685d72e0574b8b6418b473991ff4b4af96d95c81047f12779f48fd392f32fd354f8ce374aa34e69d4f964838
  • SSDEEP: 1536:vRs7js4YCDSBsadqTYx64Mru+q5DAERRHWy6ZrPFW2iwTbWv:KvsFCDSBsadqTM6H7qtHX6dFW2VTbWv

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 2d909e8313de252e564d7aed58debbda2fce63d749052a3726e5c7f586d7c40fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks