General

  • Target

    ebe08825e0bdcb2f3f95f86fe6585d70629d6c69b28d9a63b651cd4311121e29N

  • Size

    128KB

  • Sample

    241112-sbyndavfmd

  • MD5

    80adf9bf8482c593bf80b2c969b2c380

  • SHA1

    85e90a925cfaf8edd057b046fac133e40a701349

  • SHA256

    ebe08825e0bdcb2f3f95f86fe6585d70629d6c69b28d9a63b651cd4311121e29

  • SHA512

    44a30ef0ca00b7aa87ac2d66d743e3a45ac5b57a66687ef9637d988a0c0a4c0b6c87e3fb6d541bfe0c5675b5b6ccf3f4429255d45986a1d8ed9480cb71b7218a

  • SSDEEP

    3072:FeqI44ijExFw7Fm69W6PGZDrFDHZtOgxBOXXwwfBoD6N3h8N5Gg:FBI8Exu7krP5tTDUZNSN57

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ebe08825e0bdcb2f3f95f86fe6585d70629d6c69b28d9a63b651cd4311121e29N

    • Size

      128KB

    • MD5

      80adf9bf8482c593bf80b2c969b2c380

    • SHA1

      85e90a925cfaf8edd057b046fac133e40a701349

    • SHA256

      ebe08825e0bdcb2f3f95f86fe6585d70629d6c69b28d9a63b651cd4311121e29

    • SHA512

      44a30ef0ca00b7aa87ac2d66d743e3a45ac5b57a66687ef9637d988a0c0a4c0b6c87e3fb6d541bfe0c5675b5b6ccf3f4429255d45986a1d8ed9480cb71b7218a

    • SSDEEP

      3072:FeqI44ijExFw7Fm69W6PGZDrFDHZtOgxBOXXwwfBoD6N3h8N5Gg:FBI8Exu7krP5tTDUZNSN57

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks