General

  • Target: a454bc2177bb72acaeb38a04c6f94f0795c8b34a75cefc208d8a8d81363f530fN.exe
  • Size: 93KB
  • Sample: 241113-vkl22swdnk
  • MD5: ee46dc9f9325056e7a320c3f73b513b0
  • SHA1: f01cb45ab1925b457e2686297fb3dc177e49c039
  • SHA256: a454bc2177bb72acaeb38a04c6f94f0795c8b34a75cefc208d8a8d81363f530f
  • SHA512: 8481fa2ba95b04349cfcafce4445d2bf913fca61c9eddecae561a90bb5e82e2ee7ab07b824dae638a64d2dae144c157b39a32ec4184d46d7205683d2bf02d9cc
  • SSDEEP: 1536:Y+KfKUYASGE6yVMsU2Tuf5q6vfYVepJJZIcqID59KOJk24VEI4Lar/ju7JCU:Y9SnASGRsU2Tuf5q6ce/nIcqIOOJF4EX

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks