General

  • Target

    edd62b3fdd4527f6c189346fda188843aa7dc25f9ed9663f49eb47f597f3da6fN.exe

  • Size

    264KB

  • Sample

    241222-ryjmas1qdn

  • MD5

    85e269ce2f2d46b75b1f15bd1f2a3bc0

  • SHA1

    4d501057710dd67755acb9f1fa772af4f51690b4

  • SHA256

    edd62b3fdd4527f6c189346fda188843aa7dc25f9ed9663f49eb47f597f3da6f

  • SHA512

    3a35b87175a59facdc0e8b169f846d8a801f02ca270838d5835d4327ec7d0a7d68ac93ca832b9cbfc7d218f25b3459348b62fc10d9c868d2c60eda704cb49024

  • SSDEEP

    3072:Kc5XLq224ho1mtye3lFDrFDHZtObmOm3AIpwbjshrmP24ho1mtye3lFDrFDHZtO/:zLqbsFj5t13LJhrmMsFj5tw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      edd62b3fdd4527f6c189346fda188843aa7dc25f9ed9663f49eb47f597f3da6fN.exe

    • Size

      264KB

    • MD5

      85e269ce2f2d46b75b1f15bd1f2a3bc0

    • SHA1

      4d501057710dd67755acb9f1fa772af4f51690b4

    • SHA256

      edd62b3fdd4527f6c189346fda188843aa7dc25f9ed9663f49eb47f597f3da6f

    • SHA512

      3a35b87175a59facdc0e8b169f846d8a801f02ca270838d5835d4327ec7d0a7d68ac93ca832b9cbfc7d218f25b3459348b62fc10d9c868d2c60eda704cb49024

    • SSDEEP

      3072:Kc5XLq224ho1mtye3lFDrFDHZtObmOm3AIpwbjshrmP24ho1mtye3lFDrFDHZtO/:zLqbsFj5t13LJhrmMsFj5tw

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks