General

  • Target: f9201783a44ac182d1b06ea506e40c575bd90767b1a008b101227e3e0fb4e9b6.exe
  • Size: 339KB
  • Sample: 250127-sjk29atqhx
  • MD5: 886226f25e3d71244c09486f5f849aa5
  • SHA1: ad26844f03dd5e09525a51a2a2c2060eb7cd76b9
  • SHA256: f9201783a44ac182d1b06ea506e40c575bd90767b1a008b101227e3e0fb4e9b6
  • SHA512: f90ce44fa720e9c220bf7bf73c0963ef9d3fb6021fb869977dd7c9c4ddcd376164260fad68d64d63f42556605b668c23e41c8c9a676fd5d5fc7de5acef903dc0
  • SSDEEP: 6144:QfBtE8TwcuN0xoarsFj5tT3sFOggi3NArsFj5tT3G:QZtE8TwcubCs15tLsGUNUs15tLG

Malware Config

Extracted

Family: berbew

C2:
  http://tat-neftbank.ru/kkq.php
  http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: f9201783a44ac182d1b06ea506e40c575bd90767b1a008b101227e3e0fb4e9b6.exe (hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
