General

  • Target: 1439c7b5007990bee35796331e2acacb4ab72a21b4cf35717dbf621776de4610
  • Size: 64KB
  • Sample: 241224-ykvwqsvrdt
  • MD5: c573bc69bad0eb830bf721c3a52ed8fa
  • SHA1: 8aac6a1a2bab817fd95697a41f210c234b0f209e
  • SHA256: 1439c7b5007990bee35796331e2acacb4ab72a21b4cf35717dbf621776de4610
  • SHA512: 0de1ffe17c6aee0fb17ef38db0693a8d4256018f558d914759bb3af02f90d47fd0554ab187a456ba40a3779753e652f2d23f4b2bb159839c8b9853a78ec072db
  • SSDEEP: 1536:dz4VRFQFX5zAPnouMH9t5S551TALQQwCaqn4BUXruCHcpzt/Idn:dz4VRFQ9i1TfyipFwn

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 1439c7b5007990bee35796331e2acacb4ab72a21b4cf35717dbf621776de4610

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
