General

  • Target

    23898f85bcfa092e05c3fb82c422c0e659e127f46ecf83e1cd204991070f4e80

  • Size

    256KB

  • Sample

    250127-zarl1avndn

  • MD5

    1b7091bbeedb9c3c97858210f473d428

  • SHA1

    36919f9028f3256fb59feecdca91dfcc3ceeeb6a

  • SHA256

    23898f85bcfa092e05c3fb82c422c0e659e127f46ecf83e1cd204991070f4e80

  • SHA512

    7b6cf368a1e41b353d6cdc6c3238bbe13af0b91567e396abde7c5a3982391e8fb38e7554999bff2d0423772633ac668b416f9cd7d4ed0d2c66527e57037658f4

  • SSDEEP

    6144:RaboWX8853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZR:YboJQBpnchWcZR

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      23898f85bcfa092e05c3fb82c422c0e659e127f46ecf83e1cd204991070f4e80

    • Size

      256KB

    • MD5

      1b7091bbeedb9c3c97858210f473d428

    • SHA1

      36919f9028f3256fb59feecdca91dfcc3ceeeb6a

    • SHA256

      23898f85bcfa092e05c3fb82c422c0e659e127f46ecf83e1cd204991070f4e80

    • SHA512

      7b6cf368a1e41b353d6cdc6c3238bbe13af0b91567e396abde7c5a3982391e8fb38e7554999bff2d0423772633ac668b416f9cd7d4ed0d2c66527e57037658f4

    • SSDEEP

      6144:RaboWX8853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZR:YboJQBpnchWcZR

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
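The hashes and the two extracted C2 URLs above are the actionable indicators in this report. The following script is an added example (not part of the sandbox report or the Berbew sample) that turns them into checks a responder can run: it hashes candidate files with the same four algorithms listed under General and compares the digests against the report, and it scans proxy-style log lines for requests to the C2 URLs or their host. The log line format (`timestamp client method url`) and the sample log lines are constructed for the example; only the digests and URLs are copied from the report.

```python
"""Match files and proxy logs against the IOCs from the Berbew report (added example)."""
import hashlib
import re
import sys
from urllib.parse import urlparse

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "1b7091bbeedb9c3c97858210f473d428",
    "sha1": "36919f9028f3256fb59feecdca91dfcc3ceeeb6a",
    "sha256": "23898f85bcfa092e05c3fb82c422c0e659e127f46ecf83e1cd204991070f4e80",
    "sha512": "7b6cf368a1e41b353d6cdc6c3238bbe13af0b91567e396abde7c5a3982391e8fb"
              "38e7554999bff2d0423772633ac668b416f9cd7d4ed0d2c66527e57037658f4",
}

# C2 URLs copied from the extracted malware config; the host set lets us
# also flag requests to other paths on the same server.
C2_URLS = {
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
}
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (one read, four digests)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value."""
    return {name for name, value in digests.items() if REPORT_HASHES.get(name) == value}


# Constructed log format for this example: "<timestamp> <client-ip> <METHOD> <url>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

# Constructed sample lines; the first and third hit the exact C2 URLs, the
# fourth hits only the C2 host, the second is benign.
SAMPLE_LOG = [
    "2025-01-27T10:00:01Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php",
    "2025-01-27T10:00:02Z 10.0.0.15 GET http://example.com/index.html",
    "2025-01-27T10:00:03Z 10.0.0.22 POST http://tat-neftbank.ru/wcmd.htm",
    "2025-01-27T10:00:04Z 10.0.0.30 GET http://tat-neftbank.ru/other.php",
]


def find_c2_hits(lines) -> list:
    """Return (client, url, match_kind) for every line touching the C2.

    match_kind is "url" for an exact C2 URL and "host" for any other
    request to the C2 host, so both strong and weaker hits are reported.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash a log sweep
        url = m.group("url")
        if url in C2_URLS:
            hits.append((m.group("src"), url, "url"))
        elif urlparse(url).hostname in C2_HOSTS:
            hits.append((m.group("src"), url, "host"))
    return hits


if __name__ == "__main__":
    # Usage: python berbew_iocs.py [file ...]; hashes each file, then scans the sample log.
    for path in sys.argv[1:]:
        hit = matches_report(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(hit)) if hit else 'no match'}")
    for src, url, kind in find_c2_hits(SAMPLE_LOG):
        print(f"C2 hit ({kind}): {src} -> {url}")
```

Hashing with all four algorithms in one pass means a single file read regardless of which digest a given feed happens to carry; a match on any one of them is enough to tie a file to this sample, while an SSDEEP comparison (not shown, it needs a third-party library) is what you would reach for when a recompiled or repacked variant no longer matches any exact digest.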

MITRE ATT&CK Enterprise v15