General

  • Target: 0099105f3bf47ce554a4c4e05a3f8abcc3711798e549fc168737c1a15d46b59b
  • Size: 88KB
  • Sample: 241113-xsvp9sxfkc
  • MD5: d869a2506161c392ed4fc378379c7869
  • SHA1: 0693fdfb87dee438fcb12e5e6f92e43a47bb2536
  • SHA256: 0099105f3bf47ce554a4c4e05a3f8abcc3711798e549fc168737c1a15d46b59b
  • SHA512: 745c6721a9e460ab78a688e6edafc2c3e1dd863a34e09e2426dc9166df8083a54f79b0989cb495558e56eb732e370f656dacfeaec66e7f483df8f9e105657d8c
  • SSDEEP: 1536:Vi+W6XxZaAKfJdeXJnNcNZIgwFL8QOVXtE1ukVd71rFZO7+90vT:EdUxZaXfJde5nuNZiLi9EIIJ15ZO7Vr

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 0099105f3bf47ce554a4c4e05a3f8abcc3711798e549fc168737c1a15d46b59b


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15