General

  • Target

    da5485cb2f532d87e55d9f8189f877bb6cbea5d66b893fa53a8dbdca4d22d716.exe

  • Size

    45KB

  • Sample

    241113-vnwewswckd

  • MD5

    c7041849cc6d4e8163fba97b9078ad66

  • SHA1

    8ac3e566f3d944f4967e84bbfdda5af467555284

  • SHA256

    da5485cb2f532d87e55d9f8189f877bb6cbea5d66b893fa53a8dbdca4d22d716

  • SHA512

    47890bfb722805ff0be2016cec0bbb86b1b1921751a035a11651333b8014a6176ffc0d9570f245d255720e14d94c594eecf6e1aab982d909febf456066b1cc15

  • SSDEEP

    768:IE6S7zPsMOWxfpZkGmBBEIz4Dx1hfVHqfknsMOnXcVxptsm9/1H5o:56okMxfpCRBuIz4DxvfVAJmxpt9q

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm
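The report above gives two kinds of indicators a responder can act on immediately: the file digests under General and the two Berbew C2 URLs. The following Python is an added example written for this page, not code from the sandbox or from the Berbew family itself. It folds the report's hashes and C2 URLs into a small matcher that (a) computes the four digest types listed above for an arbitrary byte string and says which ones match, and (b) classifies URLs against the C2 set by host and path, so that a query string appended to kkq.php or wcmd.htm, or a request to the same host with another path, is still flagged (a generalisation beyond the two literal URLs in the config). The proxy log format and the log lines are constructed for the demonstration and are not real traffic; the sample itself is not embedded, so the hash check is shown against a stand-in byte string.

```python
import hashlib
import re
from urllib.parse import urlparse

# File digests copied from the General section of the report.
IOC_HASHES = {
    "md5": "c7041849cc6d4e8163fba97b9078ad66",
    "sha1": "8ac3e566f3d944f4967e84bbfdda5af467555284",
    "sha256": "da5485cb2f532d87e55d9f8189f877bb6cbea5d66b893fa53a8dbdca4d22d716",
    "sha512": "47890bfb722805ff0be2016cec0bbb86b1b1921751a035a11651333b8014a6176ffc0d9570f245d255720e14d94c594eecf6e1aab982d909febf456066b1cc15",
}

# C2 URLs copied from the extracted Berbew config.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Derived lookup sets: hostname alone, and (hostname, path) pairs.
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
C2_HOST_PATHS = {(urlparse(u).hostname, urlparse(u).path) for u in C2_URLS}


def hash_matches(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 of `data` and report which digests
    equal the ones in the report. All four are checked because IOC feeds
    often carry only one of them."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return {algo: digests[algo] == IOC_HASHES[algo] for algo in IOC_HASHES}


def classify_url(url: str) -> str:
    """Return 'c2-url' for an exact host+path hit (query string ignored),
    'c2-host' for any other request to a C2 host, else 'clean'.
    urlparse().hostname already lower-cases and strips any :port."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if host not in C2_HOSTS:
        return "clean"
    if (host, parsed.path) in C2_HOST_PATHS:
        return "c2-url"
    return "c2-host"


# Constructed proxy log (assumed format: timestamp client method url);
# these lines are made up for the example, not captured traffic.
SAMPLE_LOG = """\
1731499200.001 10.0.0.15 GET http://example.com/index.html
1731499201.337 10.0.0.15 POST http://tat-neftbank.ru/kkq.php
1731499202.120 10.0.0.22 GET http://tat-neftbank.ru/wcmd.htm?cmd=1
1731499203.500 10.0.0.22 GET http://tat-neftbank.ru/
1731499204.000 10.0.0.31 GET http://cdn.example.net/kkq.php
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def scan_proxy_log(text: str) -> list:
    """Return (client, url, verdict) for every line whose URL is not clean.
    Lines that do not match the assumed format are skipped, not failed on."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict != "clean":
            hits.append((m["client"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:8} {client:12} {url}")
    # Stand-in bytes, not the sample: every digest comparison is False here.
    print(hash_matches(b"constructed stand-in, not the 45KB sample"))
```

The host-level verdict is deliberately separate from the exact-URL verdict: a hit on the bare host is worth a look but is weaker evidence than a POST to kkq.php, and the split lets a triage rule weight them differently. The same host/path matching can be pointed at a real proxy or DNS export by replacing the constructed SAMPLE_LOG and the LOG_RE pattern with the site's own format.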

Targets

    • Target

      da5485cb2f532d87e55d9f8189f877bb6cbea5d66b893fa53a8dbdca4d22d716.exe


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
