General

  • Target

    472412092f722e9abd63079254580d31ada9deb1b2750cb4ddf80bea3622d5c7N

  • Size

    64KB

  • Sample

    241112-n1y8zsscne

  • MD5

    5aaaac85f181afd84bc150e9f2376530

  • SHA1

    1faa03148a54be03883e6b351ab4c84151b2d050

  • SHA256

    472412092f722e9abd63079254580d31ada9deb1b2750cb4ddf80bea3622d5c7

  • SHA512

    11a55bc639cb088297012a39c611e37a22560d20667acd2e6581eccb4d0ef865323029d1ef3c1a202632608e5ce21fae6e62b61842e0bca1dec46714d98071d1

  • SSDEEP

    1536:VMql+V8e7sEnqg+2qqEnE07pvy7BWy9prPFW2iwTbWv:ZYCesEqnE071+XnFW2VTbWv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      472412092f722e9abd63079254580d31ada9deb1b2750cb4ddf80bea3622d5c7N

    • Size

      64KB

    • MD5

      5aaaac85f181afd84bc150e9f2376530

    • SHA1

      1faa03148a54be03883e6b351ab4c84151b2d050

    • SHA256

      472412092f722e9abd63079254580d31ada9deb1b2750cb4ddf80bea3622d5c7

    • SHA512

      11a55bc639cb088297012a39c611e37a22560d20667acd2e6581eccb4d0ef865323029d1ef3c1a202632608e5ce21fae6e62b61842e0bca1dec46714d98071d1

    • SSDEEP

      1536:VMql+V8e7sEnqg+2qqEnE07pvy7BWy9prPFW2iwTbWv:ZYCesEqnE071+XnFW2VTbWv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
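Hunting example (added here; not part of the sandbox report and not code from the Berbew sample). It takes the indicators the report lists above, the two C2 URLs and the file hashes, and runs them over a handful of constructed log lines in two shapes: proxy access records and Sysmon-style registry value-set events. The report names the persistence only as "autorun key to be loaded by Explorer.exe on startup"; the concrete key paths in the script (ShellServiceObjectDelayLoad, Winlogon\Shell, Run) are the usual Explorer-loaded locations and are an assumption, as are both log formats and every log line.

```python
"""Hunt for the indicators in the Berbew report above.

Added example, not code from the sandbox report or from the sample itself.
Indicators (C2 URLs, hashes) are copied from the report; the log formats and
the list of Explorer-loaded autorun keys are assumptions made for this script.
"""
import hashlib
from urllib.parse import urlsplit

# --- indicators copied from the report -------------------------------------
C2_URLS = (
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
)
SAMPLE_HASHES = {
    "md5": "5aaaac85f181afd84bc150e9f2376530",
    "sha1": "1faa03148a54be03883e6b351ab4c84151b2d050",
    "sha256": "472412092f722e9abd63079254580d31ada9deb1b2750cb4ddf80bea3622d5c7",
    "sha512": "11a55bc639cb088297012a39c611e37a22560d20667acd2e6581eccb4d0ef865"
              "323029d1ef3c1a202632608e5ce21fae6e62b61842e0bca1dec46714d98071d1",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}

# ASSUMPTION: the report says only "autorun key to be loaded by Explorer.exe";
# these are the usual Explorer-loaded locations, matched case-insensitively as
# substrings of the Sysmon TargetObject.
EXPLORER_AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"\software\microsoft\windows nt\currentversion\winlogon\shell",
    r"\software\microsoft\windows\currentversion\run",
)


def hashes_of(data: bytes) -> dict:
    """Lower-case hex digests of a byte string, one per hash the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every hash in the report matches, not just one of them."""
    return hashes_of(data) == SAMPLE_HASHES


def match_proxy_line(line: str):
    """Constructed proxy format: '<ts> <src_ip> <method> <url> <status> <bytes>'.
    Any request to a C2 host is flagged; a hit on one of the exact report URLs
    is marked separately so it can be triaged first."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _method, url, _status, _size = parts
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if host not in C2_HOSTS:
        return None
    return {"type": "c2_http", "ts": ts, "src": src, "url": url,
            "exact_report_url": u.path in C2_PATHS}


def match_registry_line(line: str):
    """Constructed Sysmon-style record: pipe-separated key=value fields.
    Flags value writes (EventID 13) under an Explorer-loaded autorun key and
    notes whether the written value points into System32, which ties the
    persistence to the report's 'Drops file in System32 directory'."""
    fields = dict(f.split("=", 1) for f in line.split("|") if "=" in f)
    if fields.get("EventID") != "13":
        return None
    target = fields.get("TargetObject", "").lower()
    key = next((k for k in EXPLORER_AUTORUN_KEYS if k in target), None)
    if key is None:
        return None
    details = fields.get("Details", "")
    return {"type": "explorer_autorun", "image": fields.get("Image", ""),
            "target": fields["TargetObject"], "value": details,
            "points_into_system32": "\\windows\\system32\\" in details.lower()}


def hunt(lines):
    """Run both matchers over mixed log lines; return hits in input order."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        hit = match_registry_line(line) if "EventID=" in line else match_proxy_line(line)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample log lines (not from the report or from any real host).
SAMPLE_LOG = [
    "2024-11-12T10:00:01Z 10.0.0.5 GET http://example.com/index.html 200 1024",
    "2024-11-12T10:00:07Z 10.0.0.5 GET http://tat-neftbank.ru/kkq.php 200 312",
    "2024-11-12T10:00:09Z 10.0.0.7 POST http://TAT-NEFTBANK.RU:8080/upload 404 0",
    "EventID=13|Image=C:\\Users\\u\\Downloads\\sample.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad"
    "\\{00000000-0000-0000-0000-000000000000}"
    "|Details=C:\\Windows\\System32\\dropped.dll",
    "EventID=13|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details=DWORD (0x00000001)",
]

if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h)
```

Matching on the C2 host rather than only the two listed paths is deliberate: the report shows two URLs, but the same host serving other paths is still worth a look, so those hits are kept and only marked as not being the exact report URL. The hash check requires all listed digests to agree, so a quarantined file is either the reported sample or it is not; a single matching MD5 is not treated as a match.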

MITRE ATT&CK Enterprise v15

Tasks