General

  • Target

    9b3b0dc5a1f929a129cb2dfde3a75fd9e86aaeffc0b54e3000f1ebb8ac4e2a43N.exe

  • Size

    1.2MB

  • Sample

    241113-jslwgayank

  • MD5

    f487118183144a2142d233d68e79ce70

  • SHA1

    9efcb1afdc7d34730d8814e9fcaaeb9bd5de5914

  • SHA256

    9b3b0dc5a1f929a129cb2dfde3a75fd9e86aaeffc0b54e3000f1ebb8ac4e2a43

  • SHA512

    eecb52b45c241b6b8fb85b92097ef031fbbef269efc2d4f0d1384f0023655bf55b203d45b92175b78e0dd5ffd782f31d230eb66af24c3a784d619f4c23d40291

  • SSDEEP

    6144:sHrz6e/IcYvC8vA+XTv7FYUwMOFusQ+kJ3StWDKcGVol:sHbFYvNA+XTvZHWuEo3oW2to

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
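The hashes and the two C2 URLs are the parts of this report a responder can act on directly. The script below is an added example, not part of the sandbox report: it streams a file through all four hash algorithms and compares the digests against the values listed above, and it scans web-proxy log lines for the extracted C2 URLs, rating a hit as "exact" when the full URL matches and "host" when only the C2 hostname matches. The hash values and URLs are copied from the report; the proxy log lines and their column layout are constructed for the demonstration.

```python
"""IOC matcher for the indicators on this page (added example, not the
sandbox's own code). Hashes and C2 URLs are copied from the report; the
proxy log below is constructed."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
SAMPLE_HASHES = {
    "md5": "f487118183144a2142d233d68e79ce70",
    "sha1": "9efcb1afdc7d34730d8814e9fcaaeb9bd5de5914",
    "sha256": "9b3b0dc5a1f929a129cb2dfde3a75fd9e86aaeffc0b54e3000f1ebb8ac4e2a43",
    "sha512": "eecb52b45c241b6b8fb85b92097ef031fbbef269efc2d4f0d1384f0023655bf5"
              "5b203d45b92175b78e0dd5ffd782f31d230eb66af24c3a784d619f4c23d40291",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory blob for every listed algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers so large samples need not fit in RAM."""
    hashers = {alg: hashlib.new(alg) for alg in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(alg for alg, val in digests.items()
                  if alg in SAMPLE_HASHES and val.lower() == SAMPLE_HASHES[alg])


def classify_url(url: str):
    """'exact' for a listed C2 URL, 'host' for any other path on a C2 host, else None."""
    parts = urlsplit(url.strip())
    if parts.hostname is None or parts.hostname not in C2_HOSTS:
        return None
    normalized = f"{parts.scheme}://{parts.hostname}{parts.path}"
    return "exact" if normalized in C2_URLS else "host"


def scan_proxy_log(lines):
    """Return (line_number, confidence, url) for each line whose URL touches a C2 host.
    Assumed (constructed) layout: '<timestamp> <client-ip> <method> <url> <status>'."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        verdict = classify_url(fields[3])
        if verdict:
            hits.append((n, verdict, fields[3]))
    return hits


# Constructed proxy log lines for the demonstration (not real traffic).
SAMPLE_PROXY_LOG = [
    "2024-11-13T09:42:11Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-11-13T09:42:13Z 10.0.0.15 GET http://tat-neftbank.ru/wcmd.htm 200",
    "2024-11-13T09:42:20Z 10.0.0.22 GET http://example.com/index.html 200",
    "2024-11-13T09:43:01Z 10.0.0.15 GET http://tat-neftbank.ru/other.php 404",
]

if __name__ == "__main__":
    for n, conf, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {n}: {conf:5} {url}")
    print("empty-input sha256 =", hash_bytes(b"")["sha256"])
```

The "host" rating is deliberate: a retrieval of a different path on tat-neftbank.ru is still worth a look, since the two listed paths are only what this one run contacted. To check a suspect binary, call `match_hashes(hash_file(path))`; a non-empty list means at least one digest matches the report.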

Targets

    • Target

      9b3b0dc5a1f929a129cb2dfde3a75fd9e86aaeffc0b54e3000f1ebb8ac4e2a43N.exe

    • Size

      1.2MB

    • MD5

      f487118183144a2142d233d68e79ce70

    • SHA1

      9efcb1afdc7d34730d8814e9fcaaeb9bd5de5914

    • SHA256

      9b3b0dc5a1f929a129cb2dfde3a75fd9e86aaeffc0b54e3000f1ebb8ac4e2a43

    • SHA512

      eecb52b45c241b6b8fb85b92097ef031fbbef269efc2d4f0d1384f0023655bf55b203d45b92175b78e0dd5ffd782f31d230eb66af24c3a784d619f4c23d40291

    • SSDEEP

      6144:sHrz6e/IcYvC8vA+XTv7FYUwMOFusQ+kJ3StWDKcGVol:sHbFYvNA+XTvZHWuEo3oW2to

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
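The four behaviour signatures above (drop into System32, execute the dropped EXE, load the dropped DLL, add an autorun entry) only mean something when read together: the common thread is that files the sample wrote are then executed, loaded and registered for persistence. The correlator below is an added example, not the sandbox's own detection logic. It replays a sequence of process, file, image-load and registry events, remembers every path the sample wrote, and raises a finding when a later event executes, loads or registers one of those paths. The event list, the file names and the registry key are constructed for the demonstration; the report does not say which Explorer autorun location this sample uses, so the Run key below is a placeholder, not a claim about the sample.

```python
"""Behaviour correlator for the sandbox signatures listed above (added
example, not the sandbox's detection code). All events, paths and the
registry key are constructed and hypothetical."""
from collections import namedtuple

# kind is one of: file_write (path = file written), process_create (path = image),
# image_load (path = DLL mapped), reg_set (path = value name, data = value data).
Event = namedtuple("Event", "kind process path data")

SYSTEM32 = r"c:\windows\system32"


def norm(p: str) -> str:
    """Case-fold and strip quotes so paths compare regardless of how the event recorded them."""
    return p.strip().strip('"').lower()


def correlate(events):
    """Return (signature, path) findings in event order."""
    dropped = {}           # normalized path -> process that wrote it
    findings = []
    for ev in events:
        p = norm(ev.path)
        if ev.kind == "file_write":
            dropped[p] = ev.process
            if p.startswith(SYSTEM32 + "\\"):
                findings.append(("drops_file_in_system32", p))
        elif ev.kind == "process_create" and p in dropped:
            findings.append(("executes_dropped_exe", p))
        elif ev.kind == "image_load" and p in dropped and p.endswith(".dll"):
            findings.append(("loads_dropped_dll", p))
        elif ev.kind == "reg_set":
            # Any registry value whose data names a dropped file is treated as
            # persistence, whichever autorun location it lives under.
            target = norm(ev.data)
            if any(d in target for d in dropped):
                findings.append(("autorun_points_to_dropped_file", ev.path))
    return findings


def matched_signatures(events):
    """Distinct signature names triggered by the event stream."""
    return sorted({sig for sig, _ in correlate(events)})


# Constructed event stream; names are hypothetical and not from the report.
SAMPLE_EVENTS = [
    Event("file_write", "sample.exe", r"C:\Windows\System32\dropped1.exe", ""),
    Event("file_write", "sample.exe", r"C:\Windows\System32\dropped1.dll", ""),
    Event("process_create", "sample.exe", r"C:\Windows\System32\dropped1.exe", ""),
    Event("image_load", "dropped1.exe", r"C:\Windows\System32\dropped1.dll", ""),
    Event("reg_set", "dropped1.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Example",  # placeholder key
          r"C:\Windows\System32\dropped1.exe"),
    Event("file_write", "sample.exe", r"C:\Users\user\AppData\Local\Temp\log.txt", ""),
    Event("process_create", "explorer.exe", r"C:\Windows\System32\notepad.exe", ""),
]

if __name__ == "__main__":
    for sig, path in correlate(SAMPLE_EVENTS):
        print(f"{sig:32} {path}")
```

Note that the last two events produce nothing: a write outside System32 that is never executed, and execution of a binary the sample did not write, are not evidence on their own. Ordering matters as well, since a process_create for a path that is only written later is not a dropped-EXE execution.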

MITRE ATT&CK Enterprise v15

Tasks