General

  • Target

    fc703278498f477e981463e5dd7c0bc9f385580ab429cd4b99d3b07643cfed20

  • Size

    72KB

  • Sample

    241121-qqvh6asapa

  • MD5

    2ef3b3540b8ce4ee495011bb527a255a

  • SHA1

    891518ba678626c8acac57696de2246f481b94b6

  • SHA256

    fc703278498f477e981463e5dd7c0bc9f385580ab429cd4b99d3b07643cfed20

  • SHA512

    2487aeafead1f68ba7d4dafe564bb94ae22232633d15e0eda398cc9b29f009de16d0f131a552a2ee68470695e3c2adde5cd4533b2a3bc1e7389a4f300bb45d8a

  • SSDEEP

    768:IoJPjFhNigKwbRrMu3ZnvnUuWrosqgAGm+/1H58sU9UiEb/KEiEixV38Hiv+X2tU:HjFhvFrMuiro5G1wPgUN3QivEtP

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks