General

  • Target

    07c940fbc0e15c065d2aadaa89acb35e20d6c650a0499ca73d61c84ae5b403ec.exe

  • Size

    92KB

  • Sample

    241112-r85mhsxrfj

  • MD5

    83701f0d865d55de7c776ec09ae473b9

  • SHA1

    8b0f4259ea9a0892aa7b0f64dba602715523f68f

  • SHA256

    07c940fbc0e15c065d2aadaa89acb35e20d6c650a0499ca73d61c84ae5b403ec

  • SHA512

    668137e6a752ee6c42275a05284fb258e0db7d8617b76ead2a0258f6bf9aba13ecb26e81210dfe02085a22a37f274a29fbe9127751c7e5281e77da06607e4181

  • SSDEEP

    1536:UiBA4+upD05ke4byD4jgLwQjILQ9FKGXllUDtM60I:LBD+l5k+DRXKG7UDd0I

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      07c940fbc0e15c065d2aadaa89acb35e20d6c650a0499ca73d61c84ae5b403ec.exe

    • Size

      92KB

    • MD5

      83701f0d865d55de7c776ec09ae473b9

    • SHA1

      8b0f4259ea9a0892aa7b0f64dba602715523f68f

    • SHA256

      07c940fbc0e15c065d2aadaa89acb35e20d6c650a0499ca73d61c84ae5b403ec

    • SHA512

      668137e6a752ee6c42275a05284fb258e0db7d8617b76ead2a0258f6bf9aba13ecb26e81210dfe02085a22a37f274a29fbe9127751c7e5281e77da06607e4181

    • SSDEEP

      1536:UiBA4+upD05ke4byD4jgLwQjILQ9FKGXllUDtM60I:LBD+l5k+DRXKG7UDd0I

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks