General

  • Target

    1415f123e5fdebb640379c4e0dd506d0d905bbb01d1c07b995a3d4d442eba06bN.exe

  • Size

    85KB

  • Sample

    241203-v4mgxs1mgk

  • MD5

    f8b3b6ece16ae97f148be3a22c335460

  • SHA1

    1aea99eee7cdec3d7018e95976467019b6d41994

  • SHA256

    1415f123e5fdebb640379c4e0dd506d0d905bbb01d1c07b995a3d4d442eba06b

  • SHA512

    fa0427f7b9bc448bda3331b66a8ac629b6d83cb0e80d714a3b484a1542bcf135e7e1833bd096379743abe6cb8b27d5be9e373bcbcbc89eab0dbbde7ce3c57b73

  • SSDEEP

    1536:+CnP58YLt9BxFARCUwBK2m4z55m1D4a/4MG+BlO7uXcNvvm5yw/Lb0OUrrQ35wNJ:+mBlpHxFARJwBKC+4a/4MFS7usluTXpC

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1415f123e5fdebb640379c4e0dd506d0d905bbb01d1c07b995a3d4d442eba06bN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
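The report's actionable artifacts are the four file digests and the two C2 URLs. The following Python is an added hunting aid, not part of the Triage report or the Berbew sample: it checks a file's digests against the reported hashes and matches proxy-log URLs against the extracted C2 host by parsed hostname rather than by substring (a substring match would also flag lookalike hosts such as a subdomain of a different domain, and would miss the case-insensitive hostname). The digests and URLs are transcribed from this report; the proxy log format, the log lines and the file bytes are constructed for the demo.

```python
"""IOC matcher for the Berbew report above (added example; the hashes and C2 URLs
are transcribed from the report, the log lines and file bytes are constructed)."""
import hashlib
from urllib.parse import urlparse

# Digests of the reported sample, transcribed from the report.
SAMPLE_HASHES = {
    "md5": "f8b3b6ece16ae97f148be3a22c335460",
    "sha1": "1aea99eee7cdec3d7018e95976467019b6d41994",
    "sha256": "1415f123e5fdebb640379c4e0dd506d0d905bbb01d1c07b995a3d4d442eba06b",
    "sha512": "fa0427f7b9bc448bda3331b66a8ac629b6d83cb0e80d714a3b484a1542bcf135"
              "e7e1833bd096379743abe6cb8b27d5be9e373bcbcbc89eab0dbbde7ce3c57b73",
}

# C2 URLs extracted by the sandbox.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_algorithms(data: bytes) -> set:
    """Which reported digests the given bytes reproduce (empty set = not the sample)."""
    computed = file_hashes(data)
    return {alg for alg, digest in SAMPLE_HASHES.items() if computed[alg] == digest}


def c2_hosts() -> set:
    """Hostnames of the extracted C2 URLs, lower-cased for comparison."""
    return {urlparse(u).hostname.lower() for u in C2_URLS}


def classify_url(url: str) -> str:
    """'url' for an exact C2 URL, 'host' for another URL on a C2 host, '' otherwise.

    Matching is done on the parsed hostname, so 'tat-neftbank.ru.example' or
    'nottat-neftbank.ru' do not match, while 'TAT-NEFTBANK.RU' does.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in c2_hosts():
        return ""
    normalized = f"{parsed.scheme.lower()}://{host}{parsed.path}"
    return "url" if normalized in C2_URLS else "host"


def scan_proxy_log(lines) -> list:
    """Return (line number, url, match kind) for each log line that touches a C2 host.

    The constructed log format is: <epoch> <client ip> <method> <url> <status>.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 5:
            continue
        kind = classify_url(fields[3])
        if kind:
            hits.append((number, fields[3], kind))
    return hits


# Constructed proxy log: a beacon to a reported C2 path, a benign request, a
# lookalike host that a naive substring match would flag, and a request to the
# real C2 host on a path the report did not list.
PROXY_LOG = [
    "1733245001.102 10.0.0.17 POST http://tat-neftbank.ru/kkq.php 200",
    "1733245002.515 10.0.0.17 GET http://example.com/index.html 200",
    "1733245003.004 10.0.0.23 GET http://tat-neftbank.ru.cdn-mirror.test/kkq.php 200",
    "1733245004.310 10.0.0.17 GET http://TAT-NEFTBANK.RU/other.php 404",
]

if __name__ == "__main__":
    # Constructed bytes stand in for a file under review; they are not the sample.
    print(matching_algorithms(b"MZ\x90\x00 not the real sample"))
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
```

To check a real file, read it in binary mode and pass the bytes to `matching_algorithms`; a non-empty set means every listed algorithm that matched, and anything less than all four on a file claimed to be this sample means the report and the file disagree. The `host` match kind exists because a Berbew operator can change the script path on the same server without changing the host, so host-level hits are worth triage even when the path differs.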

MITRE ATT&CK Enterprise v15
