General

  • Target

    783c5c5942853d3500a86e334f11b6605e8fe46c6063eb63b52f5c005c3b55fb

  • Size

    512KB

  • Sample

    241222-3wclraslfj

  • MD5

    bb5359b04b50bc7af625126aab4c988c

  • SHA1

    5c48594b7b153558d165d30d8e64ea7e0352b374

  • SHA256

    783c5c5942853d3500a86e334f11b6605e8fe46c6063eb63b52f5c005c3b55fb

  • SHA512

    fab37e39a81a8bd2776406f0983907f9a6dc27f80201cfc5ba79d1bdee0a79c0865b49834028459c9f3c1aa1db1c3d45cbec4265a675050918d43a2943f75c47

  • SSDEEP

    6144:HSm4VE1ZUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:yzGKUG5t1sI5yl48pArv8o4L

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks