General

  • Target: a97bcd88922cdd038a2ad62104b8f51bc46b7763a47412856576b2200b5d662d.exe
  • Size: 55KB
  • Sample: 250127-sdkjjavkfr
  • MD5: d92cddbd70a9152730115df144d86acf
  • SHA1: 68fcc8f58ae5a4c2e74c564d48861b9c8811c7dd
  • SHA256: a97bcd88922cdd038a2ad62104b8f51bc46b7763a47412856576b2200b5d662d
  • SHA512: cbfc838d63f974d85de25e4d0e16904a24cf575792bef0bb6f9ad502e3eb2125e8d908abd3c3d30c1c8b1b16e3c7b111cf0348d4a5b66559809c75a708d23a1e
  • SSDEEP: 1536:l4iwxP1wbUdI3BZ6/P//zFc/ZJtxp8stNSoNSd0A3shxD6+:DwRyxAy/lxvtNXNW0A8hhx

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://tat-neftbank.ru/kkq.php
      http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: a97bcd88922cdd038a2ad62104b8f51bc46b7763a47412856576b2200b5d662d.exe
    • Size: 55KB
    • MD5: d92cddbd70a9152730115df144d86acf
    • SHA1: 68fcc8f58ae5a4c2e74c564d48861b9c8811c7dd
    • SHA256: a97bcd88922cdd038a2ad62104b8f51bc46b7763a47412856576b2200b5d662d
    • SHA512: cbfc838d63f974d85de25e4d0e16904a24cf575792bef0bb6f9ad502e3eb2125e8d908abd3c3d30c1c8b1b16e3c7b111cf0348d4a5b66559809c75a708d23a1e
    • SSDEEP: 1536:l4iwxP1wbUdI3BZ6/P//zFc/ZJtxp8stNSoNSd0A3shxD6+:DwRyxAy/lxvtNXNW0A8hhx

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks