General

  • Target

    8801602012d39b12261cd82b9f48d1d9b79700c0e2878fad7cc4d331002562df

  • Size

    88KB

  • Sample

    241223-25njyavja1

  • MD5

    4125714bbd0c52592d3eac3a98868db9

  • SHA1

    a21988f4796be4f2870697e534a1b0b4b426163c

  • SHA256

    8801602012d39b12261cd82b9f48d1d9b79700c0e2878fad7cc4d331002562df

  • SHA512

    ff157de4e12536e25d5f0f18a7248d909ae14976c7f055d05bc472f7def8f061780c2626565ff2d1d433964a7d4d31015322595d143d59e218ded354a130595b

  • SSDEEP

    1536:vBUsijEPc/padafCmYLZiwFL8QOVXtE1ukVd71rFZO7+90vT:CNwPcBCFLZpLi9EIIJ15ZO7Vr

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
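The two C2 URLs and the digests above are the indicators an analyst would carry out of this report. The script below is an added example, not code from the sandbox or from the Berbew sample, of how to turn them into a check: it confirms a candidate file against the listed digests and matches the C2 host and path against proxy log lines. The log format ("timestamp client method url status") and the log lines themselves are constructed for the example; only the URLs and hashes come from the report.

```python
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the Malware Config section of the report.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Digests of the sample as listed in the General section of the report.
REPORTED_HASHES = {
    "md5": "4125714bbd0c52592d3eac3a98868db9",
    "sha1": "a21988f4796be4f2870697e534a1b0b4b426163c",
    "sha256": "8801602012d39b12261cd82b9f48d1d9b79700c0e2878fad7cc4d331002562df",
}


def file_hashes(data):
    """Digest a file's bytes with the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data, reported=REPORTED_HASHES):
    """True only if every reported digest matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[name] == digest for name, digest in reported.items())


def c2_indicators(urls):
    """Reduce the C2 URLs to (host, path) pairs that proxy or DNS logs can be matched on."""
    wanted = set()
    for u in urls:
        parts = urlsplit(u)
        wanted.add((parts.hostname.lower(), parts.path))
    return wanted


# Constructed proxy log lines for this example (not from the report). The assumed
# format is "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-12-23T10:01:02Z 10.0.0.5 GET http://tat-neftbank.ru/kkq.php 200
2024-12-23T10:01:05Z 10.0.0.7 GET http://example.com/index.html 200
2024-12-23T10:02:11Z 10.0.0.5 GET HTTP://TAT-NEFTBANK.RU/wcmd.htm?id=1 200
2024-12-23T10:03:00Z 10.0.0.9 GET http://tat-neftbank.ru/other.php 404
2024-12-23T10:04:00Z 10.0.0.9 GET http://tat-neftbank.ru.evil.example/kkq.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def find_c2_hits(log_text, urls=C2_URLS):
    """Return (client_ip, url) for every line whose host and path equal a C2 indicator.

    Host comparison is case-insensitive and the query string is ignored, so a beacon
    carrying extra parameters still matches; a look-alike host that merely contains
    the C2 domain does not.
    """
    wanted = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than silently mis-parse it
        parts = urlsplit(m.group("url"))
        if parts.hostname and (parts.hostname.lower(), parts.path) in wanted:
            hits.append((m.group("client"), m.group("url")))
    return hits


if __name__ == "__main__":
    for client, url in find_c2_hits(SAMPLE_PROXY_LOG):
        print(f"C2 contact from {client}: {url}")
```

Matching on host plus path keeps the check tight to the two URLs in the config; if the concern is any contact with the domain, match on the host alone, since the paths can change between samples while the domain is the more durable indicator. Either way, requests to the other path on the same host (the 404 line above) deserve a look even though they are not exact hits.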

Targets

    • Target

      8801602012d39b12261cd82b9f48d1d9b79700c0e2878fad7cc4d331002562df

    • Size

      88KB

    • MD5

      4125714bbd0c52592d3eac3a98868db9

    • SHA1

      a21988f4796be4f2870697e534a1b0b4b426163c

    • SHA256

      8801602012d39b12261cd82b9f48d1d9b79700c0e2878fad7cc4d331002562df

    • SHA512

      ff157de4e12536e25d5f0f18a7248d909ae14976c7f055d05bc472f7def8f061780c2626565ff2d1d433964a7d4d31015322595d143d59e218ded354a130595b

    • SSDEEP

      1536:vBUsijEPc/padafCmYLZiwFL8QOVXtE1ukVd71rFZO7+90vT:CNwPcBCFLZpLi9EIIJ15ZO7Vr

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
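The three host signatures above (an autorun key read by Explorer.exe, a dropped DLL that gets loaded, a file dropped in System32) describe one persistence pattern: a shell service object registered under ShellServiceObjectDelayLoad whose CLSID points at a DLL in System32. The report does not print the key path, so treating the "loaded by Explorer.exe on startup" signature as that key is an assumption. The script below is an added example, not the sandbox's code, of checking an exported registry hive for that pattern offline: it parses a .reg export, resolves each ShellServiceObjectDelayLoad entry's CLSID to its InProcServer32 DLL, and flags DLLs outside an analyst-supplied baseline or CLSIDs that resolve to nothing. The .reg text, the CLSIDs, the DLL names and the baseline are all constructed for the example.

```python
import re

# Key suffix (under any hive) that Explorer.exe reads at startup to load shell service
# objects. Assumption: the report's "autorun key loaded by Explorer.exe" signature
# refers to this key; the report itself does not show the path.
SSODL_SUFFIX = r"software\microsoft\windows\currentversion\shellserviceobjectdelayload"

# Where a CLSID's in-process server is registered (HKCR is a view over HKLM\SOFTWARE\Classes).
CLSID_ROOTS = (r"hkey_classes_root\clsid", r"hkey_local_machine\software\classes\clsid")


def parse_reg_export(text):
    """Parse a .reg export into {key_path_lower: {value_name: data}}.

    Only quoted string values are decoded (backslash escapes resolved); other value
    types are kept as their raw text. "@" names the key's default value.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        if current is None:
            continue
        name, _, data = line.partition("=")
        name = "@" if name == "@" else name.strip('"')
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])
        current[name] = data
    return keys


def ssodl_entries(keys):
    """Return {value_name: clsid} for every ShellServiceObjectDelayLoad entry in the export."""
    entries = {}
    for path, values in keys.items():
        if path.endswith(SSODL_SUFFIX):
            entries.update(values)
    return entries


def inproc_server(keys, clsid):
    """Resolve a CLSID to the DLL path in its InProcServer32 default value, or None."""
    for root in CLSID_ROOTS:
        values = keys.get(f"{root}\\{clsid.lower()}\\inprocserver32")
        if values and "@" in values:
            return values["@"]
    return None


def suspicious_ssodl(keys, baseline):
    """Flag SSODL entries whose DLL is not in the baseline or whose CLSID does not
    resolve; the DLL path is reported so a drop into System32 stands out."""
    findings = []
    for name, clsid in ssodl_entries(keys).items():
        dll = inproc_server(keys, clsid)
        if dll is None:
            findings.append((name, clsid, None, "CLSID has no InProcServer32"))
            continue
        basename = dll.rsplit("\\", 1)[-1].lower()
        if basename not in baseline:
            where = "System32" if "\\system32\\" in dll.lower() else "outside System32"
            findings.append((name, clsid, dll, f"DLL not in baseline ({where})"))
    return findings


# Constructed .reg export for this example (not from the report): two baselined
# entries, one unknown DLL in System32, and one CLSID with no server registered.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{AAAAAAAA-0000-0000-0000-000000000001}"
"Network.ConnectionTray"="{AAAAAAAA-0000-0000-0000-000000000002}"
"Web Event Logger"="{BBBBBBBB-0000-0000-0000-000000000003}"
"Shell Helper"="{CCCCCCCC-0000-0000-0000-000000000004}"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InProcServer32]
@="C:\\Windows\\System32\\webcheck.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\InProcServer32]
@="C:\\Windows\\System32\\stobject.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BBBBBBBB-0000-0000-0000-000000000003}\InProcServer32]
@="C:\\Windows\\System32\\xkgldq.dll"
"ThreadingModel"="Apartment"
"""

# Analyst-maintained baseline of expected SSODL DLLs (constructed for the example).
BASELINE = {"webcheck.dll", "stobject.dll"}


if __name__ == "__main__":
    for name, clsid, dll, reason in suspicious_ssodl(parse_reg_export(SAMPLE_REG), BASELINE):
        print(f"{name} -> {clsid} -> {dll}: {reason}")
```

The baseline is deliberately an input rather than a built-in allowlist: the set of legitimate shell service objects differs by Windows version, so it should come from a known-clean host of the same build. A dangling CLSID is reported too, because an entry whose server DLL has already been removed is still evidence that something registered itself there.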

MITRE ATT&CK Enterprise v15

Tasks