General

  • Target

    6fda5ca8a323d7402848d253b2cbf6070a0b41bcbddf0ea3739945a3097d6478N

  • Size

    42KB

  • Sample

    241110-a645jaymdn

  • MD5

    a2ce41715c0aa393224c6ab0270c29e0

  • SHA1

    5b5a6bd8a617575ebb3d366acfa903cebe06e623

  • SHA256

    6fda5ca8a323d7402848d253b2cbf6070a0b41bcbddf0ea3739945a3097d6478

  • SHA512

    62a2e01c22cfe3fe5fc8c98cd00a9028cd36a46942a3d508ddde768037f86358d1996903b53f6dfbf3b941d6fb10fd864a71f01726cb052cd545d9c92f51aae9

  • SSDEEP

    768:8eZffTOBIo4h/nN8xN7S2HpEfQYeCn4zTTTTTTTTTTTTTTLTTTTTTEfTTTTTT6AH:9fc8xNm2JBnME3

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6fda5ca8a323d7402848d253b2cbf6070a0b41bcbddf0ea3739945a3097d6478N

    • Size

      42KB

    • MD5

      a2ce41715c0aa393224c6ab0270c29e0

    • SHA1

      5b5a6bd8a617575ebb3d366acfa903cebe06e623

    • SHA256

      6fda5ca8a323d7402848d253b2cbf6070a0b41bcbddf0ea3739945a3097d6478

    • SHA512

      62a2e01c22cfe3fe5fc8c98cd00a9028cd36a46942a3d508ddde768037f86358d1996903b53f6dfbf3b941d6fb10fd864a71f01726cb052cd545d9c92f51aae9

    • SSDEEP

      768:8eZffTOBIo4h/nN8xN7S2HpEfQYeCn4zTTTTTTTTTTTTTTLTTTTTTEfTTTTTT6AH:9fc8xNm2JBnME3

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks