General

  • Target

    9a2e4db8df73ca6efcba6a009a3a7171debbb1b5f00239be66863960aeb6e1cfN

  • Size

    108KB

  • Sample

    241113-vkj8fsvpaw

  • MD5

    df1a9bd64e8fe99b5a530c34fe67ca70

  • SHA1

    caa918103274d6a72c85db64f85e8c6294f0dc8e

  • SHA256

    9a2e4db8df73ca6efcba6a009a3a7171debbb1b5f00239be66863960aeb6e1cf

  • SHA512

    749b3e7f85402e3481c58f0cff2f0e9a2afdc7e60a6ec5895715038f81d246efdc3aaba7cb735012ba3fbec8c2bc66932bbd6cc71f4ed843ed006cbdcd3e9513

  • SSDEEP

    3072:KrLldX/w4KWFs7eGjBfPCbPEezgH7uaUjmOiBn3w8BdTj2h3K:QvwzdezS7uPjVu3w8BdTj2VK

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
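The hashes and C2 URLs above are the report's actionable indicators. The following Python is an added example (not Triage output and not code from the sample) showing how to turn them into checks: it hashes an arbitrary file with the four algorithms the report lists and compares against the reported values, and it scans proxy log lines for the two C2 URLs and, more broadly, the C2 host. The log format (`timestamp client url`) and the log lines are constructed for the example; the indicator values are the ones on this page.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "df1a9bd64e8fe99b5a530c34fe67ca70",
    "sha1": "caa918103274d6a72c85db64f85e8c6294f0dc8e",
    "sha256": "9a2e4db8df73ca6efcba6a009a3a7171debbb1b5f00239be66863960aeb6e1cf",
    "sha512": (
        "749b3e7f85402e3481c58f0cff2f0e9a2afdc7e60a6ec5895715038f81d246ef"
        "dc3aaba7cb735012ba3fbec8c2bc66932bbd6cc71f4ed843ed006cbdcd3e9513"
    ),
}
IOC_C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
# Host-level indicator derived from the URLs: a different path on the same
# host is still worth an alert even if it is not one of the two known URLs.
IOC_C2_HOSTS = {urlparse(u).hostname for u in IOC_C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for a blob of file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def match_hashes(digests: dict) -> list:
    """Return the algorithm names whose digest equals the reported value."""
    return [name for name, value in digests.items()
            if value.lower() == IOC_HASHES[name]]


def hash_file(path: str) -> dict:
    """Hash a file on disk in chunks so large samples do not load into memory."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


# Constructed proxy log lines (assumed format: "<epoch> <client-ip> <url>").
LOG_LINES = [
    "1731500000.123 10.0.0.15 http://tat-neftbank.ru/kkq.php",
    "1731500001.456 10.0.0.15 http://tat-neftbank.ru/wcmd.htm",
    "1731500002.789 10.0.0.21 http://example.com/index.html",
    "1731500003.000 10.0.0.15 http://TAT-NEFTBANK.RU/other.php",
    "malformed line with no url",
]

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<url>https?://\S+)")


def scan_proxy_log(lines) -> list:
    """Return (client, url, match_kind) for every line touching the C2.

    match_kind is "url" for an exact URL hit and "host" for any other URL on a
    C2 host; urlparse().hostname lower-cases the host, so case games do not
    evade the host check.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        url = m.group("url")
        if url in IOC_C2_URLS:
            hits.append((m.group("client"), url, "url"))
        elif urlparse(url).hostname in IOC_C2_HOSTS:
            hits.append((m.group("client"), url, "host"))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("hash matches:", match_hashes(hash_file(sys.argv[1])))
    for client, url, kind in scan_proxy_log(LOG_LINES):
        print(f"{client} -> {url} ({kind} match)")
```

Run it with a file path to compare that file against the reported digests; a match on all four algorithms is the sample itself, while a match on MD5 alone with the others differing would be a collision and should be treated as suspicious rather than confirmed. Note that the SSDEEP value on the page is a fuzzy hash and needs the ssdeep library for comparison; it is deliberately not handled here.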

Targets

    • Target

      9a2e4db8df73ca6efcba6a009a3a7171debbb1b5f00239be66863960aeb6e1cfN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks