General

  • Target: 094ae5521fb8f8c60fccb9c4b387add0e807a05511b2b81181adb578ca13dfdaN.exe
  • Size: 344KB
  • Sample: 241111-pxd93sylew
  • MD5: d2b7c397de65b8dd87369273883c7110
  • SHA1: 9c63389f32094d353471f0881672947cd457e2fc
  • SHA256: 1f6de1238198d3489f653d64ef52d5e72effd4b61d5c9fc2ea9d9c871fbb2a5c
  • SHA512: 240013c4a0c0dd20336ea9c1ea5c063aa46b9ef9320b358b79ba6b9223c2d0ec5f692733c4d8e0e358d1ae83e26e1fe2a35981c27a85a6efb19a7e496d10adde
  • SSDEEP: 6144:MY3DCpX2/mnbzvdLaD6OkPgl6bmIjlQFA:DCpXImbzQD6OkPgl6bmIjKA

Malware Config

Extracted

Family: berbew

C2:
  • http://tat-neftbank.ru/kkq.php
  • http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 094ae5521fb8f8c60fccb9c4b387add0e807a05511b2b81181adb578ca13dfdaN.exe
    • Size: 344KB
    • MD5: d2b7c397de65b8dd87369273883c7110
    • SHA1: 9c63389f32094d353471f0881672947cd457e2fc
    • SHA256: 1f6de1238198d3489f653d64ef52d5e72effd4b61d5c9fc2ea9d9c871fbb2a5c
    • SHA512: 240013c4a0c0dd20336ea9c1ea5c063aa46b9ef9320b358b79ba6b9223c2d0ec5f692733c4d8e0e358d1ae83e26e1fe2a35981c27a85a6efb19a7e496d10adde
    • SSDEEP: 6144:MY3DCpX2/mnbzvdLaD6OkPgl6bmIjlQFA:DCpXImbzQD6OkPgl6bmIjKA

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15