General

  • Target: c6f32bae182c1e51ec61a19b83a18251c2623483f51507603da21e2471c56d6a
  • Size: 59KB
  • Sample: 241107-ethg8axpdn
  • MD5: 8ca6e0c7f14afac752c0d85222a7dd30
  • SHA1: db101485b7ce56af9fba030f1ecc021d7a90fc66
  • SHA256: c6f32bae182c1e51ec61a19b83a18251c2623483f51507603da21e2471c56d6a
  • SHA512: ac77cf897952ee272edcd389b0fa165e0d33dcb08f5195c80d71ce102ef4d89c4c686e3191bb94e21ecc53d2a64d04d8eab442b6eacd99a665324ed86098dac8
  • SSDEEP: 1536:6+2gEEOnZ4vLHEHg+kjbe9qADQxIBHNCyVs:JEL4vLHEHg+gbflIBQes

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks