General

  • Target

    a6626d32412abf2f7a05f3fc39b47f768c373b84b2e42a0d4f8aa189b27ffd57N

  • Size

    64KB

  • Sample

    241107-ek6hpaxmhl

  • MD5

    1b858bec18f269aa04aff6473830d2e0

  • SHA1

    0be796aa02bfd83e135cc9a67be81aeb0e0fe02f

  • SHA256

    a6626d32412abf2f7a05f3fc39b47f768c373b84b2e42a0d4f8aa189b27ffd57

  • SHA512

    47ed597e398146717df557c4a6bfc7fdc99d20b9c9acd83f5a8d3b9fd238291eb9f89eb1be71ce18108c8249dfd9251375fcf5824328e82a9c3fcf7d19354057

  • SSDEEP

    768:HzANO5wReg/oLMNFsXj9h9992sXKwAgc/9fzB+g+O1Pj/1H5K6XJ1IwEGp9Thfz6:IO5YZ/BWj9D7Ygc5ykPVFXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks