General

  • Target: 4858787e2d256f0049239e42f9c480e20cc9e83f24589799250fb4975bb61644
  • Size: 395KB
  • Sample: 241223-zz8xks1ne1
  • MD5: 54aa753a3e4a8e78b5742002f260800b
  • SHA1: 120711d270bdcbd1265b265d7c954767d607f1a3
  • SHA256: 4858787e2d256f0049239e42f9c480e20cc9e83f24589799250fb4975bb61644
  • SHA512: b17c19371954d80991e0e354e06bec03c5b6eae3ab9a7d0428e777ac4f0d7a9df5d0f5ac0a5e17b5d2d90c99edfd6396ff9b0e7e26358deb68cc9b3f9c04c496
  • SSDEEP: 3072:moWvmVZJ6DCes7LlNwl5LPqdFQ/G0u3NNU7BS+CU7BS+9s7LlNwl5LPqNFQ/G0uJ:1Des4y70u4HXs4yr0u490u4Ds4yvW8lM

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 4858787e2d256f0049239e42f9c480e20cc9e83f24589799250fb4975bb61644 (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks