General

  • Target

    9c4844cde6763b75f9a8c5debb8b7c61f8d1dc54522215b06216b68b8119ff61

  • Size

    69KB

  • Sample

    241223-bqgvqstjfw

  • MD5

    6689e504c26ef7e3cc541b889a522bc7

  • SHA1

    0071cbf272c16c01d75d2036c9ce3a5b2913703b

  • SHA256

    9c4844cde6763b75f9a8c5debb8b7c61f8d1dc54522215b06216b68b8119ff61

  • SHA512

    f0caeeb259ab400311535a47e881d9f10e7451eaa8cae880224dbe159a94f16bda6a8764d0993759f2a803e0951145c945f0b366e5108550698aa85ecbb9cf94

  • SSDEEP

    1536:+lJYeWMMhOSC8mjSNesFRtBlxNE9JFRt51BdplxNZVh9JFRt51BdplxNZVh9JFRG:+jYeLMt9mjSkFe0GNFn/GFZC1yY

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9c4844cde6763b75f9a8c5debb8b7c61f8d1dc54522215b06216b68b8119ff61

    • Size

      69KB

    • MD5

      6689e504c26ef7e3cc541b889a522bc7

    • SHA1

      0071cbf272c16c01d75d2036c9ce3a5b2913703b

    • SHA256

      9c4844cde6763b75f9a8c5debb8b7c61f8d1dc54522215b06216b68b8119ff61

    • SHA512

      f0caeeb259ab400311535a47e881d9f10e7451eaa8cae880224dbe159a94f16bda6a8764d0993759f2a803e0951145c945f0b366e5108550698aa85ecbb9cf94

    • SSDEEP

      1536:+lJYeWMMhOSC8mjSNesFRtBlxNE9JFRt51BdplxNZVh9JFRt51BdplxNZVh9JFRG:+jYeLMt9mjSkFe0GNFn/GFZC1yY

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks