General

  • Target

    e023659864f73dfc6f77738d0bc3a1c4d1be088522126412c56202fde5d2f274

  • Size

    64KB

  • Sample

    241224-cm1zwaynfy

  • MD5

    352ece4ec2961cc6146c53b51787ed71

  • SHA1

    211a61fb8503d3583db63ec2e7086b7d5ddbdfb4

  • SHA256

    e023659864f73dfc6f77738d0bc3a1c4d1be088522126412c56202fde5d2f274

  • SHA512

    dc3fadc41da0d6512ea4cf05466bf94d7a3ccfdab75e125c6e626dd5092c9f305856b0a2af9e26c660299f2ea7a973eb85b55a7c94456d5fdb13bc0d6b5d3095

  • SSDEEP

    1536:nNm4uzl9+MWLxVKdKuBtweUFCWWyQrPFW2iwTbW:nNm4uzl6tsdKuByVXMFW2VTbW

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e023659864f73dfc6f77738d0bc3a1c4d1be088522126412c56202fde5d2f274

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks