General

  • Target

    2c2062a65b1cd5270fa32117e7ccd2778d815a541bf09742299d5c664a1cc65f.exe

  • Size

    224KB

  • Sample

    241113-vgcn7swbja

  • MD5

    32aa70288e13149e43dec28753e980f4

  • SHA1

    bc2b5ac6410c5346f4244b303f39daf7ec1f192c

  • SHA256

    2c2062a65b1cd5270fa32117e7ccd2778d815a541bf09742299d5c664a1cc65f

  • SHA512

    bddfda18026b033760b0b7b1d31b19aa908fa89cb3651c2224bc3fa6bb7959134532b56032d471309cde5f7cd832ebd6f9eb57c90b4f5d5e46b1eb35496e8528

  • SSDEEP

    3072:WreudIY7/T6IlvIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOgtd:nu56qF4s5tTDUZNSN58VU5tTtd

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2c2062a65b1cd5270fa32117e7ccd2778d815a541bf09742299d5c664a1cc65f.exe

    • Size

      224KB

    • MD5

      32aa70288e13149e43dec28753e980f4

    • SHA1

      bc2b5ac6410c5346f4244b303f39daf7ec1f192c

    • SHA256

      2c2062a65b1cd5270fa32117e7ccd2778d815a541bf09742299d5c664a1cc65f

    • SHA512

      bddfda18026b033760b0b7b1d31b19aa908fa89cb3651c2224bc3fa6bb7959134532b56032d471309cde5f7cd832ebd6f9eb57c90b4f5d5e46b1eb35496e8528

    • SSDEEP

      3072:WreudIY7/T6IlvIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOgtd:nu56qF4s5tTDUZNSN58VU5tTtd

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
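The report gives two kinds of indicator a responder can act on immediately: the extracted C2 URLs and the file hashes. The Python below, an added example that is not part of the sandbox report, turns them into a small detection routine: it matches web-proxy log lines against the C2 host and paths (exact host comparison so look-alike domains do not match, case-insensitive host, case-sensitive path) and checks file contents against the published MD5/SHA1/SHA256 triple. The log layout and the log lines themselves are constructed for illustration and are not taken from the sandbox run.

```python
"""Detection helpers built from the indicators in the Berbew report above.

Added example: the C2 URLs and hashes are copied from the report; the
proxy-log format and the sample log lines are constructed assumptions.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
C2_URLS = (
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
)
SAMPLE_HASHES = {
    "md5": "32aa70288e13149e43dec28753e980f4",
    "sha1": "bc2b5ac6410c5346f4244b303f39daf7ec1f192c",
    "sha256": "2c2062a65b1cd5270fa32117e7ccd2778d815a541bf09742299d5c664a1cc65f",
}

C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}
C2_PATHS = {urlparse(u).path for u in C2_URLS}

# Assumed proxy-log layout: "<timestamp> <client-ip> <METHOD> <url> <status>".
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})"
)

# Constructed log lines for illustration (not from the sandbox run).
SAMPLE_PROXY_LOG = """\
2024-11-13T12:00:01Z 10.0.0.17 GET http://www.example.com/index.html 200
2024-11-13T12:00:04Z 10.0.0.17 GET http://tat-neftbank.ru/wcmd.htm 200
2024-11-13T12:00:05Z 10.0.0.17 POST http://tat-neftbank.ru/kkq.php 200
2024-11-13T12:00:09Z 10.0.0.23 GET http://tat-neftbank.ru/favicon.ico 404
2024-11-13T12:00:11Z 10.0.0.23 GET http://tat-neftbank.ru.example.net/kkq.php 200
garbage line that does not parse
"""


def classify_url(url):
    """Return 'c2-url', 'c2-host' or None for one requested URL.

    The hostname is compared exactly and case-insensitively, so a
    look-alike such as tat-neftbank.ru.example.net is not a hit.  A request
    to the C2 host with a path the config did not list is still reported,
    as 'c2-host', because the config only records the paths this sample used.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in C2_HOSTS:
        return None
    return "c2-url" if parsed.path in C2_PATHS else "c2-host"


def scan_proxy_log(text):
    """Return [(client_ip, url, verdict)] for every parseable line that hits the C2 host."""
    hits = []
    for line in text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip malformed or header lines instead of failing the scan
        verdict = classify_url(m.group("url"))
        if verdict:
            hits.append((m.group("client"), m.group("url"), verdict))
    return hits


def file_matches_sample(data):
    """True only if the MD5, SHA1 and SHA256 of `data` all equal the report's values."""
    return all(
        hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in SAMPLE_HASHES.items()
    )


if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:8} {client:12} {url}")
    print("constructed bytes match sample:", file_matches_sample(b"not the sample"))
```

Requiring all three digests to agree before declaring a file match is deliberate: MD5 and SHA1 are collision-prone on their own, and a mismatch on any one of them is enough to rule the file out.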

MITRE ATT&CK Enterprise v15

Tasks