General

  • Target: b64ba9d0134bc1134461074deac0135ea5b3fe85ad4e0ad3be4acf7a89d2d5b6N.exe
  • Size: 55KB
  • Sample: 241112-q69b9asqbv
  • MD5: d552523f73044a1ae174adaddcccea40
  • SHA1: 674c7815f8c0cdd17ac1a89dbfa561b63779c5d6
  • SHA256: b64ba9d0134bc1134461074deac0135ea5b3fe85ad4e0ad3be4acf7a89d2d5b6
  • SHA512: 85da7fbf1b0158ce7ea891aae1a13ed36fbecf8c9f9fee5f7b0d0a928b8b5492aed00140965ef0ab48fd6c9c4c4e1ef4d7e4040ffdb8b83fd00a11d7acdc2402
  • SSDEEP: 1536:9g7bfEuYwxWJN+IS4BuLe4NSoNSd0A3shxD6:O7xVwD4NXNW0A8hh

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: b64ba9d0134bc1134461074deac0135ea5b3fe85ad4e0ad3be4acf7a89d2d5b6N.exe (hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks