General

  • Target

    6f0969049973a7bbb81a854101ec555fcac25dbcc29a6cd758c33857573c6475N

  • Size

    69KB

  • Sample

    241109-fy9myaxpcy

  • MD5

    594e8f06beb4f92fa3d895657c2ebc40

  • SHA1

    8f2a727b6ca1dc80adec9303fc4143a1521d77fe

  • SHA256

    6f0969049973a7bbb81a854101ec555fcac25dbcc29a6cd758c33857573c6475

  • SHA512

    e467f624643450fbb6ed067e479ae993afea88b22e027e2d00f26e0fbaf466fb168e4897b13b633ca2f603e0343985ed4e8f79ec5e94bd9030dc0775690b35e1

  • SSDEEP

    1536:6BHOh/FjDmAQnNlrfwfHzU9SA30bvNein/GFZCeDAyY:yOyDNQH49SAYvNFn/GFZC1yY

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks