General

  • Target

    042bd01c0eccd4254790be07a49a05c79dd02782ed9c2c637cd1051064f00aedN.exe

  • Size

    226KB

  • Sample

    241111-mtqslaydqe

  • MD5

    e85fec085f886450df05bd6d07302619

  • SHA1

    05de1e45a96734bd0b924d2545e707c6943dcb61

  • SHA256

    f084e600c45db628fe67eb3fed14ef2ef1c2fd818e173c56491a310045bbd27f

  • SHA512

    32ef4f49b2bff647fe7154ec8526752f43a1877c89e123bff607cfefb2f3489b1577d453003a8119a57bcd301756655c2c759c5e0999d5ab26c93387d4166f42

  • SSDEEP

    3072:AMMw33flDKcWmjRvDKcpDKcWmjRrzNtQtjDKcWmjRrzNtr:Sw3v+xEtQtsEtr

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      042bd01c0eccd4254790be07a49a05c79dd02782ed9c2c637cd1051064f00aedN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks