General

  • Target: 06aa75f1c477aaa46c9ec5b14c89318bb464eb2091244ce8a86990c8672265fbN.exe
  • Size: 108KB
  • Sample: 241112-rclvjasrb1
  • MD5: c4179175b4006a17c170eecb568b93f0
  • SHA1: 45add09714720faf2d7338888bf443c4d6c06cba
  • SHA256: 06aa75f1c477aaa46c9ec5b14c89318bb464eb2091244ce8a86990c8672265fb
  • SHA512: 51ad4d404bfcadecdab78d19c2af5c228398fa6548dc7d523b44a39feb1e2e6a976b4295ada719a1968c186fa20e6cff158fbc6eeafb3336ba6bea6041b2a20b
  • SSDEEP: 3072:IzlxDJzQxNHzK/A38xUjmOiBn3w8BdTj2h3K:IzlxqxY/A38ujVu3w8BdTj2VK

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php
  • C2: http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 06aa75f1c477aaa46c9ec5b14c89318bb464eb2091244ce8a86990c8672265fbN.exe
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15