General

  • Target

    3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb.exe

  • Size

    512KB

  • Sample

    241112-pgekxaselq

  • MD5

    3efb857356a93fb72550a4a50d459b32

  • SHA1

    746fa999bd0a8f93f0d1d23e2e9d1357184c3060

  • SHA256

    3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb

  • SHA512

    1bc5e6cab43e8c7f3f98e610df7c30608de26c2a424f6178300511a7a8e6ffe9ef324e210538437ef976cb03e75b7554d5b0ba8a800d22744ccbd83e6e623388

  • SSDEEP

    6144:JcVclD853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ3:+cJQBpnchWcZ3

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
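The file hashes and the two C2 URLs above are the indicators a responder would actually pivot on. The following Python is an added example (not part of the sandbox report and not Berbew's own code) that turns them into two checks: matching a local file against all four reported digests, and scanning proxy-log lines for requests to the C2 host. The log-line format and the log contents are constructed for the demo; only the hashes and URLs are taken from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hashes and C2 URLs transcribed from the report above (the only real
# indicators in this block; everything else is constructed for the demo).
SAMPLE_HASHES = {
    "md5": "3efb857356a93fb72550a4a50d459b32",
    "sha1": "746fa999bd0a8f93f0d1d23e2e9d1357184c3060",
    "sha256": "3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb",
    "sha512": "1bc5e6cab43e8c7f3f98e610df7c30608de26c2a424f6178300511a7a8e6ffe9"
              "ef324e210538437ef976cb03e75b7554d5b0ba8a800d22744ccbd83e6e623388",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matching_algorithms(data: bytes) -> set:
    """Digest names under which `data` equals the reported sample.
    Normally all four or none; a partial match points at a transcription
    error in the indicator list rather than a collision."""
    digests = hash_bytes(data)
    return {name for name, value in SAMPLE_HASHES.items()
            if digests[name] == value.lower()}


def c2_hosts() -> set:
    return {urlparse(u).hostname for u in C2_URLS}


def c2_paths() -> set:
    return {urlparse(u).path for u in C2_URLS}


def host_matches(host: str, indicator: str) -> bool:
    """Exact host or a subdomain of it; 'nottat-neftbank.ru' must not match."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


# Assumed proxy-log line shape: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


def scan_proxy_log(lines) -> list:
    """Flag requests to the reported C2 host. Each hit records whether the
    path is one of the two known C2 paths, so a host-only hit (same
    infrastructure, new path) is still surfaced rather than silently dropped."""
    hosts, paths = c2_hosts(), c2_paths()
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        parsed = urlparse(m.group("url"))
        if parsed.hostname is None:
            continue
        if any(host_matches(parsed.hostname, h) for h in hosts):
            hits.append({
                "client": m.group("client"),
                "url": m.group("url"),
                "known_path": parsed.path in paths,
            })
    return hits


# Constructed sample log (not real traffic): two known-path hits, one
# host-only hit, one look-alike host that must not match, and benign noise.
SAMPLE_LOG = [
    "2024-11-12T09:14:01Z 10.0.0.17 GET http://tat-neftbank.ru/wcmd.htm 200",
    "2024-11-12T09:14:02Z 10.0.0.17 POST http://tat-neftbank.ru/kkq.php 200",
    "2024-11-12T09:20:45Z 10.0.0.23 GET http://tat-neftbank.ru/other.php 404",
    "2024-11-12T09:21:00Z 10.0.0.23 GET http://nottat-neftbank.ru/kkq.php 200",
    "2024-11-12T09:21:07Z 10.0.0.31 GET http://example.com/ 200",
]

if __name__ == "__main__":
    print("local bytes match sample under:", matching_algorithms(b"not the sample"))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the host rather than the full URL is deliberate: the two paths are what this sample used, but the same server is the indicator worth alerting on even if a later build changes the script name.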

Targets

    • Target

      3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb.exe

    • Size

      512KB

    • MD5

      3efb857356a93fb72550a4a50d459b32

    • SHA1

      746fa999bd0a8f93f0d1d23e2e9d1357184c3060

    • SHA256

      3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb

    • SHA512

      1bc5e6cab43e8c7f3f98e610df7c30608de26c2a424f6178300511a7a8e6ffe9ef324e210538437ef976cb03e75b7554d5b0ba8a800d22744ccbd83e6e623388

    • SSDEEP

      6144:JcVclD853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ3:+cJQBpnchWcZ3

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
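The four behaviour signatures above are each a relation between events in the sandbox trace (a file is written, then that file is executed or loaded; a file lands under System32; a registry value is set under a key that Explorer reads at start-up). The Python below is an added example, not the sandbox's own rule logic, that re-derives the same four verdicts from a Sysmon-style event stream. The events are constructed for the demo, the dropped file names are placeholders, and the registry key is an assumption: the report only says "loaded by Explorer.exe on startup", which is read here as ShellServiceObjectDelayLoad.

```python
# Assumed: the Explorer-loaded autorun location is ShellServiceObjectDelayLoad.
# The report does not name the key, so treat this as an assumption, not a fact
# about the sample.
EXPLORER_AUTORUN_KEY = (
    "hklm\\software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\")
SYSTEM32 = "c:\\windows\\system32\\"

# The four signature names exactly as the report lists them.
SIGNATURES = (
    "Adds autorun key to be loaded by Explorer.exe on startup",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Drops file in System32 directory",
)


def norm(path: str) -> str:
    """Windows paths and registry paths are case-insensitive."""
    return path.lower()


def evaluate(events) -> dict:
    """Walk Sysmon-style events in order and return {signature: bool}.

    Event IDs follow Sysmon: 1 ProcessCreate, 7 ImageLoad, 11 FileCreate,
    13 RegistryEvent (value set). 'Dropped' means written earlier in the same
    trace, so ordering matters: an execution seen before the matching
    FileCreate is not counted, which is the correct behaviour for a
    chronological trace and a silent miss for an unsorted one.
    """
    dropped = set()
    sigs = {name: False for name in SIGNATURES}
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            target = norm(ev["TargetFilename"])
            dropped.add(target)
            if target.startswith(SYSTEM32):
                sigs["Drops file in System32 directory"] = True
        elif eid == 1 and norm(ev["Image"]) in dropped:
            sigs["Executes dropped EXE"] = True
        elif eid == 7 and norm(ev["ImageLoaded"]) in dropped:
            sigs["Loads dropped DLL"] = True
        elif eid == 13 and norm(ev["TargetObject"]).startswith(EXPLORER_AUTORUN_KEY):
            sigs["Adds autorun key to be loaded by Explorer.exe on startup"] = True
    return sigs


# Constructed trace (not taken from the report): the sample writes a
# placeholder EXE and DLL into System32, runs the EXE, which loads the DLL and
# registers itself under the assumed autorun key. The final event is benign
# noise that must not trigger anything.
SAMPLE_EXE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
              "3d3d93a6abe12bf2781719ce069549b71723021214420c36bf886e96085a0adb.exe")
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": SAMPLE_EXE,
     "TargetFilename": "C:\\Windows\\System32\\Dropped.exe"},
    {"EventID": 11, "Image": SAMPLE_EXE,
     "TargetFilename": "C:\\Windows\\System32\\Dropped.dll"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\Dropped.exe",
     "ParentImage": SAMPLE_EXE},
    {"EventID": 7, "Image": "C:\\Windows\\System32\\Dropped.exe",
     "ImageLoaded": "C:\\Windows\\System32\\Dropped.dll"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\Dropped.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                     "ShellServiceObjectDelayLoad\\Dropped"},
    {"EventID": 7, "Image": "C:\\Windows\\explorer.exe",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll"},
]
BENIGN_EVENTS = [SAMPLE_EVENTS[-1]]

if __name__ == "__main__":
    for name, hit in evaluate(SAMPLE_EVENTS).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

Note that the ntdll.dll load is under System32 and comes from Explorer, yet is not flagged: the "dropped" signatures key on files written during the trace, not on location, which is what keeps them quiet on a clean host.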

MITRE ATT&CK Enterprise v15

Tasks