General

  • Target: 6a55ce0833053d2c3e79805d50f6a666582cf148c86b05503160fb71773029e1
  • Size: 72KB
  • Sample: 241207-3haj8svngr
  • MD5: b36187631c432d18ce668338a5a9f47b
  • SHA1: 45f112a6c4cebacfb8b505101ebd9b5371e0dc36
  • SHA256: 6a55ce0833053d2c3e79805d50f6a666582cf148c86b05503160fb71773029e1
  • SHA512: 3b9bca38d5838fb19d6405028962a8efb917b2756fdfcc2309664b806e489f9607b74c09e83108a9ef8ebb19cfdaa6d785b603df0cae94b11c1005c3aaabcb6d
  • SSDEEP: 1536:Vcp+9C0xk5cO3dxu0HhIQbDkCHzYu0HJJAmCMoUYsIWkAMoUw8YEgsI0Qc4kAMok:Vcp+9CokCO3dxu0HhIUDP0HJ6xMoUYs6

Malware Config (Extracted)

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks