General

  • Target: fee755f202ef49d20a4ced625e26d60954247d09c1fe16136774c62f668ca681

  • Size: 45KB

  • Sample: 241224-dnnava1jhr

  • MD5: 5413edc335aee150e192dff77c7d0e7d

  • SHA1: a8edafb183c1500933545793bc4e7f3ca5f8420d

  • SHA256: fee755f202ef49d20a4ced625e26d60954247d09c1fe16136774c62f668ca681

  • SHA512: 730741450e1136e72a4d4c4304f3baa5b71bdc80db95c8ec0ae1986cb5c954bdb703c57718a45387a5fa4034096fc21fa0c5f550f8706cff0d1303d43b1f73f2

  • SSDEEP: 768:hEPI8jlvZcHt8cMr4TifNx/ep9QKr09ImIbB8ABEKfS8DVC/1H5wi:hOjlRcHt8zbdSmcB8ABEKq8DVIv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks