General

  • Target

    0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a.exe

  • Size

    704KB

  • Sample

    241113-w9769axckb

  • MD5

    53f91eac41dea0853157a38659d00c62

  • SHA1

    3b97726a1d5971cab1da481a426b0b0f5ecdd19e

  • SHA256

    0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a

  • SHA512

    7fbded041b6ccb81074c957ab430127bf34dc8ed7f4534d3877bedb66c5273f42a99726ce94aa6b18e68b4217b038498fac2977b7d831498a815ae1263636674

  • SSDEEP

    12288:vlMTaph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20C:vwaph2kkkkK4kXkkkkkkkkhLX3a20R0J

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
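
The indicators above (the file hashes, the two C2 URLs and the behavioural signatures) can be turned into a small triage check. The script below is an added example and is not part of the sandbox report; it runs the report's IOCs over a few constructed Sysmon-style JSON events. The event field names, the dropped file names (Abcdefgh.exe / Abcdefgh.dll) and the mapping of "autorun key loaded by Explorer.exe" to the ShellServiceObjectDelayLoad registry key are assumptions made for the example, not facts stated by the report.

```python
"""Added example: match the Berbew IOCs from the report above against
constructed Sysmon-style JSON-lines events. Not part of the original report."""
import hashlib
import json
import re
from typing import Dict, Iterable

# File hashes taken from the report.
KNOWN_HASHES = {
    "md5": "53f91eac41dea0853157a38659d00c62",
    "sha1": "3b97726a1d5971cab1da481a426b0b0f5ecdd19e",
    "sha256": "0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a",
}
# C2 URLs taken from the extracted config.
C2_URLS = {"http://tat-neftbank.ru/kkq.php", "http://tat-neftbank.ru/wcmd.htm"}
C2_HOSTS = {re.sub(r"^https?://([^/]+).*$", r"\1", u) for u in C2_URLS}

# Assumption: the "autorun key loaded by Explorer.exe" signature corresponds to
# the ShellServiceObjectDelayLoad key, which explorer.exe processes at logon.
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\ShellServiceObjectDelayLoad\\", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def fingerprint(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists, for comparison against it."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only if every digest matches the report (a single mismatch is enough to reject)."""
    return fingerprint(data) == KNOWN_HASHES


def scan(lines: Iterable[str]) -> Dict[str, int]:
    """Return signature -> hit count. Files seen in file_create events are
    tracked so later executions/loads of them count as 'dropped'."""
    dropped = set()
    counts: Dict[str, int] = {}

    def hit(sig: str) -> None:
        counts[sig] = counts.get(sig, 0) + 1

    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        kind = ev.get("event")
        if kind == "file_create":
            path = ev.get("path", "")
            dropped.add(path.lower())
            if SYSTEM32_RE.match(path):
                hit("Drops file in System32 directory")
        elif kind == "process_create":
            image = ev.get("image", "").lower()
            if ev.get("sha256", "").lower() == KNOWN_HASHES["sha256"]:
                hit("Known Berbew sample (SHA256 match)")
            if image in dropped:
                hit("Executes dropped EXE")
        elif kind == "image_load":
            image = ev.get("image", "").lower()
            if image in dropped and image.endswith(".dll"):
                hit("Loads dropped DLL")
        elif kind == "registry_set":
            if AUTORUN_KEY_RE.search(ev.get("key", "")):
                hit("Adds autorun key to be loaded by Explorer.exe on startup")
        elif kind == "dns_query":
            if ev.get("query", "").lower() in C2_HOSTS:
                hit("Berbew C2 domain")
        elif kind == "http_request":
            if ev.get("url", "").lower() in C2_URLS:
                hit("Berbew C2 URL")
    return counts


# Constructed sample events (not real telemetry); the last two are benign noise.
SAMPLE_EVENTS = r"""
{"event":"process_create","image":"C:\\Users\\victim\\Desktop\\0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a.exe","sha256":"0cabb22e405f74f853acd70df2cd4788021b6fa4e4095dee354a8ab589425d8a"}
{"event":"file_create","path":"C:\\Windows\\System32\\Abcdefgh.exe"}
{"event":"file_create","path":"C:\\Windows\\System32\\Abcdefgh.dll"}
{"event":"process_create","image":"C:\\Windows\\System32\\Abcdefgh.exe","sha256":"0000000000000000000000000000000000000000000000000000000000000000"}
{"event":"image_load","image":"C:\\Windows\\System32\\Abcdefgh.dll"}
{"event":"registry_set","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Web Event Logger"}
{"event":"dns_query","query":"tat-neftbank.ru"}
{"event":"http_request","url":"http://tat-neftbank.ru/kkq.php"}
{"event":"process_create","image":"C:\\Windows\\System32\\notepad.exe","sha256":"1111111111111111111111111111111111111111111111111111111111111111"}
{"event":"registry_set","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"}
"""

if __name__ == "__main__":
    for sig, n in sorted(scan(SAMPLE_EVENTS.splitlines()).items()):
        print(f"{n:2d}  {sig}")
```

The hash check compares all three digests rather than one, so a collision on a single weak algorithm (MD5) cannot produce a false match; the behavioural matches are deliberately stateful, because "executes dropped EXE" and "loads dropped DLL" only mean something relative to files the same sample wrote earlier in the trace.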

MITRE ATT&CK Enterprise v15

Tasks