General

  • Target

    fdfddb61d79c05aab625c87545b08023b957bd85a5c7c71b0a44774591012978N.exe

  • Size

    250KB

  • Sample

    250127-slapasvneq

  • MD5

    98036fe10b95c80689c2c7e086698de0

  • SHA1

    6ba53fc51554e600211e8e927e68a10e7312d7a7

  • SHA256

    fdfddb61d79c05aab625c87545b08023b957bd85a5c7c71b0a44774591012978

  • SHA512

    06ba8134661a929591448a402fce289076db9f1e074f9423b54ceb6ba7165a24a85d48cbcb9991a8fffeef6a5574816bcf3996ee47d0aad42afdc7c57a31214c

  • SSDEEP

    6144:vMJ0Xp6pvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:vFpJ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      fdfddb61d79c05aab625c87545b08023b957bd85a5c7c71b0a44774591012978N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks