General

  • Target: a05c959a19117056c51d2dad0b4d36869ee934378bb54baaa871f73bd1cccf2dN.exe
  • Size: 128KB
  • Sample: 241112-r8lveaveph
  • MD5: 99ceb1f1967c61426103bb4d42414255
  • SHA1: 73719202ca18d8e3dfe4402259fde94fe9b57022
  • SHA256: 2546c416b23c9c1bb23cc772f2b149e4c776abe1f528dc50bc705d127d5f5808
  • SHA512: 3f8070dafbb5625c93c25ce661203cce5e02c9b96fe3329f8168ff7b99d2cca83a3ee6429421a2d0c5129f7aa6e0381cd46f98a87efa238bdd6c3e97bf315525
  • SSDEEP: 3072:+kJDgWu+bXNDrFDHZtOgxBOXXwwfBoD6N3h8N5Gq:+kJDgiLr5tTDUZNSN59

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: a05c959a19117056c51d2dad0b4d36869ee934378bb54baaa871f73bd1cccf2dN.exe
    • Size: 128KB
    • MD5: 99ceb1f1967c61426103bb4d42414255
    • SHA1: 73719202ca18d8e3dfe4402259fde94fe9b57022
    • SHA256: 2546c416b23c9c1bb23cc772f2b149e4c776abe1f528dc50bc705d127d5f5808
    • SHA512: 3f8070dafbb5625c93c25ce661203cce5e02c9b96fe3329f8168ff7b99d2cca83a3ee6429421a2d0c5129f7aa6e0381cd46f98a87efa238bdd6c3e97bf315525
    • SSDEEP: 3072:+kJDgWu+bXNDrFDHZtOgxBOXXwwfBoD6N3h8N5Gq:+kJDgiLr5tTDUZNSN59

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks