General

  • Target

    6f8fd877f28a4020b41489e01ec343afafc19fe3ac6d59cf15abe712cb4f4c20N

  • Size

    101KB

  • Sample

    241109-gy6rqazanf

  • MD5

    e2792c51665c413c081b04258875fac0

  • SHA1

    822430adb6b296526e74a65681955e6b55c494f6

  • SHA256

    6f8fd877f28a4020b41489e01ec343afafc19fe3ac6d59cf15abe712cb4f4c20

  • SHA512

    53cb776dfb73682822b730bcf3a635f55d5db93aa68ff515920df8a652683f2d7e5480254e71d21eee70ad9dd088d65abb1d8e53f65f0e41d4008be13c9bfda1

  • SSDEEP

    3072:O42DHFFstmbduXqbyu0sY7q5AnrHY4vDX:VysYA853Anr44vDX

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6f8fd877f28a4020b41489e01ec343afafc19fe3ac6d59cf15abe712cb4f4c20N

    • Size

      101KB

    • MD5

      e2792c51665c413c081b04258875fac0

    • SHA1

      822430adb6b296526e74a65681955e6b55c494f6

    • SHA256

      6f8fd877f28a4020b41489e01ec343afafc19fe3ac6d59cf15abe712cb4f4c20

    • SHA512

      53cb776dfb73682822b730bcf3a635f55d5db93aa68ff515920df8a652683f2d7e5480254e71d21eee70ad9dd088d65abb1d8e53f65f0e41d4008be13c9bfda1

    • SSDEEP

      3072:O42DHFFstmbduXqbyu0sY7q5AnrHY4vDX:VysYA853Anr44vDX

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks