General

  • Target: 6c7a0d220f0cc6c34e15baf5b76727cdefb4a57913f09ff66057234dcdf97f63
  • Size: 64KB
  • Sample: 241222-3gpb1a1qfz
  • MD5: 7914ede6f08b94ee897df57557bd2ea1
  • SHA1: 2809ed3d7f3ae720adb4811f1da6417f43dda55e
  • SHA256: 6c7a0d220f0cc6c34e15baf5b76727cdefb4a57913f09ff66057234dcdf97f63
  • SHA512: d444f1ad476e375c547784d88fa1704ea64c46e3ca47780c82322bf0b7d16db9221d68b9cad14f11cf8e3842c84c78d1678477899785b1e44d5dc984f325449f
  • SSDEEP: 1536:T3F2Uz0uZjxXMD/2BabB0lLBsLnVLdGUHyNwW:7cUz02yaBabB0lLBsLnVUUHyNwW

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
