General

  • Target

    6b45df361218a3d21db70814730c6244858438976fd62748c53a525dd46e69acN

  • Size

    67KB

  • Sample

    241112-nra5ssvmdk

  • MD5

    8736c894796b139ff4d8f16aaea7de50

  • SHA1

    102350f601b00838f5bba5a3950a200d3580767a

  • SHA256

    6b45df361218a3d21db70814730c6244858438976fd62748c53a525dd46e69ac

  • SHA512

    43734c27b50599b1a2b99f6ef81a5e50e0c5f339dee73ff59c63588a0853fa4b22940ed9de330c4a0d38ba5535ac4f910b34daac04dff35f6b265d4a8ddf91ae

  • SSDEEP

    1536:KLmfkZWd1MT2OOsnmBUGnsJifTduD4oTxwB:5kZWd1MTSsnmBtnsJibdMTxwB

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks