General

  • Target

    c6f8a4d6d6a241045b7ec54e643f79cc997a3057d2897802927cef6e86d8ed4eN

  • Size

    250KB

  • Sample

    241110-bbqt4awdlh

  • MD5

    e4080b762ca00f90aecf9326f16d09a0

  • SHA1

    dc94aef5250eb2aae6a5a0d37c33e5b6f044b881

  • SHA256

    c6f8a4d6d6a241045b7ec54e643f79cc997a3057d2897802927cef6e86d8ed4e

  • SHA512

    271a7c1fb94ae74537c05499f1da2d3dbbe511ae1127c1d9960b757c28919ae50fb38477f01986f61b9ab1dce057c9298fdd007e4a6656c290526f5d27afa3bb

  • SSDEEP

    6144:8CwJ+vCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:8T

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c6f8a4d6d6a241045b7ec54e643f79cc997a3057d2897802927cef6e86d8ed4eN

    • Size

      250KB

    • MD5

      e4080b762ca00f90aecf9326f16d09a0

    • SHA1

      dc94aef5250eb2aae6a5a0d37c33e5b6f044b881

    • SHA256

      c6f8a4d6d6a241045b7ec54e643f79cc997a3057d2897802927cef6e86d8ed4e

    • SHA512

      271a7c1fb94ae74537c05499f1da2d3dbbe511ae1127c1d9960b757c28919ae50fb38477f01986f61b9ab1dce057c9298fdd007e4a6656c290526f5d27afa3bb

    • SSDEEP

      6144:8CwJ+vCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:8T

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks