General

  • Target

    e20697d8504db17359b4a3e225bbbcd6d6009622493af7c81bc6db99dce04d78N.exe

  • Size

    64KB

  • Sample

    241112-n8dbgsvphm

  • MD5

    e5cecd4c7a45c5c0599bdb672f7b3446

  • SHA1

    29a1b1c91dd6a984735a656bf47ff42c747ad439

  • SHA256

    3b87c98c324308ca23013b5568fe7463add10a320427a19158775a4ad817541a

  • SHA512

    39697b919416fb1ff7dcb67239f53126d57d69e28b7d1d0d9e78079ba79266103e48edef931f2dd4077d3dc64a5d1a18dab2a46356680354e2a1fe44a05b1c7b

  • SSDEEP

    1536:IbwZoNVoICMabHC27yo+4OUXruCHcpzt/Idy:IhVbWxerZpFwy

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e20697d8504db17359b4a3e225bbbcd6d6009622493af7c81bc6db99dce04d78N.exe

    • Size

      64KB

    • MD5

      e5cecd4c7a45c5c0599bdb672f7b3446

    • SHA1

      29a1b1c91dd6a984735a656bf47ff42c747ad439

    • SHA256

      3b87c98c324308ca23013b5568fe7463add10a320427a19158775a4ad817541a

    • SHA512

      39697b919416fb1ff7dcb67239f53126d57d69e28b7d1d0d9e78079ba79266103e48edef931f2dd4077d3dc64a5d1a18dab2a46356680354e2a1fe44a05b1c7b

    • SSDEEP

      1536:IbwZoNVoICMabHC27yo+4OUXruCHcpzt/Idy:IhVbWxerZpFwy

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks