General

  • Target

    af52301b8a7b2548bc2f549c09ce76cd12ee62b07cb0dcb8046e522cd033c460.exe

  • Size

    67KB

  • Sample

    241113-kndjza1rdq

  • MD5

    3e1d81e9917be989e9420ab88e7bf35b

  • SHA1

    18d36f8e14da1333990f5d7c9b25d4a489216fd5

  • SHA256

    af52301b8a7b2548bc2f549c09ce76cd12ee62b07cb0dcb8046e522cd033c460

  • SHA512

    88b32452ea88e682c52892059241cf48110268db0e43b11b01f661b44e8ae737a155c1f200de65389b0f125216a1582d3c8c178e842fc043f2b9991fbe2f0917

  • SSDEEP

    1536:j0/LBehvL4BydnX00ID3OIuSzsJifTduD4oTxwX:jWCLuydnERaIuSzsJibdMTxwX

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks