General

  • Target

    ea60d6ae6c416bdd7ae0cbcf6593ae1f3a6d00bc336a0e9d355172683f27351a.exe

  • Size

    45KB

  • Sample

    241123-khl9xs1rdv

  • MD5

    529877279c25cc0c09e3491ae44a0fd0

  • SHA1

    84c2a115d5fe48af36b1884ef48f6cdaf49341b7

  • SHA256

    ea60d6ae6c416bdd7ae0cbcf6593ae1f3a6d00bc336a0e9d355172683f27351a

  • SHA512

    4cc9203711b6e3f4bfb4a6da1f44ac69cc08d853c944ba62e04e6115beb0643ec45d51dbe8b82953a7eaf03bdc2b5af077eca72d0a9006f53d60cb2c58264155

  • SSDEEP

    768:cThNIDF1f4cz5KFYGLBvaJumwN6ZzcdZFW8zaFLZlreKU3oVyULU/1H5Szp:cWTf4czaYGLBv4uGZzE28AbdZHLqQV

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ea60d6ae6c416bdd7ae0cbcf6593ae1f3a6d00bc336a0e9d355172683f27351a.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks