General

  • Target: dab82d683200eb9d39e5a90b6e2681c1ef286ca7d7c4fbe15cc5b5d8f9296d90N
  • Size: 84KB
  • Sample: 241113-kkn7asxqcs
  • MD5: e6043959a7fc988d6a04bad8bfbbcbd0
  • SHA1: 13514424ee6636ee01f796d1e874794dd09b555b
  • SHA256: dab82d683200eb9d39e5a90b6e2681c1ef286ca7d7c4fbe15cc5b5d8f9296d90
  • SHA512: 557b95d06cc015392a31c6a316bb66d41db90dc0db19550dad053bfe4d788f943f19ae713573aa56be535275f3eecd0caedae1f018c8fb7a565d422c9ed9043b
  • SSDEEP: 1536:BMSK6mFmeu0cexTL38kPmgXSREXHfVPfMVwNKT1iqWUPGc4T7VLd:BMumrute98kPmgCREXdXNKT1ntPG9pB

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15