General

  • Target: 95d7fc52d4fe17df954204338900d5d884c6ff677f19e225c801bb105fc5a054
  • Size: 84KB
  • Sample: 241112-rc3haathmg
  • MD5: a1d40f5af770164c530bc8223dd84a10
  • SHA1: b63f6c40dd0122f94ae9202cf360e17a6fb329fb
  • SHA256: 95d7fc52d4fe17df954204338900d5d884c6ff677f19e225c801bb105fc5a054
  • SHA512: bbd3a7563a991b0021a8ef41639131752b2fc8daffec4df97d547d83ed10792ce689ed9889526c317043d9d1ec0ec37e1674ed258c7c2a15cc3dbfb6a2b51754
  • SSDEEP: 1536:24h9gw1KQ6BthMkl33OTXSREXHfVPfMVwNKT1iqWUPGc4T7VLd:ph9gwa53OTCREXdXNKT1ntPG9pB

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks