General

  • Target

    1cf3ef7c04926c07befaed547c4cfc886aac1f8dbbb6bd72dbfafe95e992579f.exe

  • Size

    67KB

  • Sample

    241111-m7janssjfm

  • MD5

    82bd725cf541da73b48274aa7b63ed03

  • SHA1

    ba61800e54b077d82daac8ec5220ced536573812

  • SHA256

    1cf3ef7c04926c07befaed547c4cfc886aac1f8dbbb6bd72dbfafe95e992579f

  • SHA512

    9ea37e694e5d8df4edddf5f3b1cda68d39972f91352be30279a12fbec2345a4ecc9e037e05e4c253a4d2d05ce85d97f25c9ba7278977d6a550e64cd17bc97677

  • SSDEEP

    1536:LQClFx5m8ljP9q3/Mlm6t1bsJifTduD4oTxw0:tFx4HElmabsJibdMTxw0

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1cf3ef7c04926c07befaed547c4cfc886aac1f8dbbb6bd72dbfafe95e992579f.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
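The C2 URLs in the Malware Config section and the behaviour tags in the Targets list above are enough to build a small hunting routine. The Python below is an added example, not code from the sandbox report or from the Berbew sample: the event records are constructed to resemble Sysmon-style telemetry, the dropped file names are placeholders, and the three Explorer-loaded autorun registry locations are an assumption about what the "Adds autorun key" tag covers (the report names the behaviour, not the key).

```python
"""Replay sandbox-style events and flag the Berbew indicators from this report.

Added example. Event shapes, dropped file names and the autorun key list are
assumptions/constructed data, not taken from the sandbox report.
"""
import re
from typing import Iterable
from urllib.parse import urlparse

# IOCs copied from the report's Malware Config section.
C2_URLS = {"http://tat-neftbank.ru/kkq.php", "http://tat-neftbank.ru/wcmd.htm"}
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Assumed locations that Explorer.exe reads at logon; matched as lower-case
# substrings of "<key>\<value name>". Not named on the report page.
EXPLORER_AUTORUN_KEYS = (
    r"\currentversion\shellserviceobjectdelayload\\".rstrip("\\"),
    r"\currentversion\winlogon\shell",
    r"\currentversion\explorer\run",
)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def hunt(events: Iterable[dict], sample: str) -> list[tuple[str, dict]]:
    """Return (indicator, event) pairs for events attributable to the sample.

    Attribution follows image paths: the sample is tracked from the start and
    any dropped file it executes becomes tracked too, so registry or network
    activity by the dropped EXE is still tied back to the sample.
    """
    tracked = {sample.lower()}
    dropped: set[str] = set()
    findings: list[tuple[str, dict]] = []

    for ev in events:
        kind = ev["type"]
        actor = ev.get("image", "").lower()
        if kind == "file_create" and actor in tracked:
            target = ev["target"]
            dropped.add(target.lower())
            if SYSTEM32.match(target):
                findings.append(("Drops file in System32 directory", ev))
        elif kind == "process_create":
            child = ev["image"].lower()
            if ev.get("parent", "").lower() in tracked and child in dropped:
                tracked.add(child)
                findings.append(("Executes dropped EXE", ev))
        elif kind == "image_load" and ev["loaded"].lower() in dropped:
            findings.append(("Loads dropped DLL", ev))
        elif kind == "registry_set" and actor in tracked:
            path = (ev["key"] + "\\" + ev.get("value_name", "")).lower()
            if any(k in path for k in EXPLORER_AUTORUN_KEYS):
                findings.append(
                    ("Adds autorun key to be loaded by Explorer.exe on startup", ev))
        elif kind == "http" and actor in tracked:
            host = (urlparse(ev["url"]).hostname or "").lower()
            if ev["url"] in C2_URLS or host in C2_HOSTS:
                findings.append(("Berbew C2 contact", ev))
    return findings


# Constructed telemetry: the sample name is from the report, everything else
# (dropped names, CLSID, benign noise) is placeholder data.
SAMPLE = (r"C:\Users\analyst\Desktop"
          r"\1cf3ef7c04926c07befaed547c4cfc886aac1f8dbbb6bd72dbfafe95e992579f.exe")
DROPPED_EXE = r"C:\Windows\System32\dropped_payload.exe"
DROPPED_DLL = r"C:\Windows\System32\dropped_payload.dll"
SVCHOST = r"C:\Windows\System32\svchost.exe"

SAMPLE_EVENTS = [
    {"type": "file_create", "image": SAMPLE, "target": DROPPED_EXE},
    {"type": "file_create", "image": SAMPLE, "target": DROPPED_DLL},
    {"type": "process_create", "parent": SAMPLE, "image": DROPPED_EXE},
    {"type": "registry_set", "image": DROPPED_EXE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
     "value_name": "SampleEntry", "data": "{00000000-0000-0000-0000-000000000000}"},
    {"type": "image_load", "image": r"C:\Windows\explorer.exe", "loaded": DROPPED_DLL},
    {"type": "http", "image": DROPPED_EXE, "url": "http://tat-neftbank.ru/wcmd.htm"},
    # Benign noise from an untracked process; must produce no findings.
    {"type": "http", "image": SVCHOST, "url": "http://www.msftconnecttest.com/connecttest.txt"},
    {"type": "file_create", "image": SVCHOST, "target": r"C:\Windows\System32\config\x.tmp"},
]


def indicator_names(events: Iterable[dict] = SAMPLE_EVENTS, sample: str = SAMPLE) -> list[str]:
    return [name for name, _ in hunt(events, sample)]


if __name__ == "__main__":
    for name, ev in hunt(SAMPLE_EVENTS, SAMPLE):
        print(f"{name}: {ev}")
```

On a real host the same four event kinds map to Sysmon event IDs 11 (FileCreate), 1 (ProcessCreate), 7 (ImageLoad) and 13 (RegistryEvent value set), with the HTTP records coming from a proxy or DNS log; the attribution-by-image-path shortcut should be replaced by ProcessGuid once events are pulled from Sysmon.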

MITRE ATT&CK Enterprise v15

Tasks