General

  • Target: 7c7d798f489355d40318080eea82d5606a0512f5c1bc0528e5cd9ab5abfc7447
  • Size: 64KB
  • Sample: 241223-aa91xaskc1
  • MD5: c2f659a64fc7f52b087c5473d0943c92
  • SHA1: c2aca4e1f9a842da3e2260de315e60eaa2619b71
  • SHA256: 7c7d798f489355d40318080eea82d5606a0512f5c1bc0528e5cd9ab5abfc7447
  • SHA512: 66aaa47a3caafd4b80db8ad47616debf2d74bdf58db53b40f5074f1ab5e94065227735ce3623a7ea94c56bc9471cf19a4e3c82effb91f14caaba1c672d355d8a
  • SSDEEP: 768:AAAw78LimFxTQhSj6WX5fVAN2ut7zNdXEQZ/1H54FYwKA2kms8Y/ts/9d2NzYVmY:AAb7QLQ2LHOXEWWywrPFW2iwTbW

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 7c7d798f489355d40318080eea82d5606a0512f5c1bc0528e5cd9ab5abfc7447
    • Size: 64KB
    • MD5: c2f659a64fc7f52b087c5473d0943c92
    • SHA1: c2aca4e1f9a842da3e2260de315e60eaa2619b71
    • SHA256: 7c7d798f489355d40318080eea82d5606a0512f5c1bc0528e5cd9ab5abfc7447
    • SHA512: 66aaa47a3caafd4b80db8ad47616debf2d74bdf58db53b40f5074f1ab5e94065227735ce3623a7ea94c56bc9471cf19a4e3c82effb91f14caaba1c672d355d8a
    • SSDEEP: 768:AAAw78LimFxTQhSj6WX5fVAN2ut7zNdXEQZ/1H54FYwKA2kms8Y/ts/9d2NzYVmY:AAb7QLQ2LHOXEWWywrPFW2iwTbW

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks