General

  • Target

    06c427c36150f83b5f06ced53a08514d1feb39fdfe028189be64085faef0eade

  • Size

    512KB

  • Sample

    241224-xy8jbavkby

  • MD5

    f50d0569e86ed2d57ae794296f5635cb

  • SHA1

    7428774235a8c6c1a4021419de069258b860896e

  • SHA256

    06c427c36150f83b5f06ced53a08514d1feb39fdfe028189be64085faef0eade

  • SHA512

    7d8544d1cb75acd80b3779d4d5328b5739d7d93c07fe42e56c99f7f9f1c88abbbc842dc8aa9f0bc5dc2d43646629916dea284067fed215135762d4b700eea8e9

  • SSDEEP

    6144:8U+yP0853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:78QBpnchWcZ

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
