General

  • Target

    30686c4ac42402ac1d387ae710acbd36d15c74d2889ac3dde8718c46708fe11fN

  • Size

    90KB

  • Sample

    241112-qy748axjdn

  • MD5

    c30d966bfbeeed768a5c66bbe5504e50

  • SHA1

    c9f6e0a3299b231e28c45c1bf9ecbbb07fd73569

  • SHA256

    30686c4ac42402ac1d387ae710acbd36d15c74d2889ac3dde8718c46708fe11f

  • SHA512

    f3fe272cf5c4f1577068071723406f75f000c5894a79146488cd46a046f6f387f0f39adc82b677fd1d0b9891ad6d94f3d769702491226aabb2de03c5dd998d84

  • SSDEEP

    1536:JwQGCYipAzC9c8nP8sNOeI9yVnQQC4fl8k/7TZP:JwvXOmC9Nk5e83T498a7TZP

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks