General

  • Target

    97c3c53ec362bf878da83f0231217cfb4a085b4a4704b4f48e4646bfdc7c2bd1.exe

  • Size

    93KB

  • Sample

    241113-kg9c3aydjc

  • MD5

    6058c1ff1cbe961e79114461ce36f5c7

  • SHA1

    782d74c3c1585deb2fa09ac169559563088341df

  • SHA256

    97c3c53ec362bf878da83f0231217cfb4a085b4a4704b4f48e4646bfdc7c2bd1

  • SHA512

    4bd9877d2cb0af7286149ec789ba085c321da71f42900f3d1da92cdf7625dd89694915537c6b7e40dcd46458ad60a84dd0f2f4c214dc3a6d8ce2edaf6f2b36f8

  • SSDEEP

    1536:/n4tZ1Nzuek+S/qL6thC5SlbUxSAHO3UQ6WYVepJJZIcqID59KOJk24VEI4Lar/G:/qZzzue9S/HhCa6SAHmUQ67e/nIcqIOw

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15