General

  • Target: 6e7572c7354da800f93cb476fc33c95a7e765495966ac22a816d3e483cc99a5bN.exe

  • Size: 45KB

  • Sample: 241113-tkk93svgll

  • MD5: 760ca6d55ac40fca93256043c34619b0

  • SHA1: c2dc2c55472d49c756a8da37340d9af26e480ae6

  • SHA256: 6e7572c7354da800f93cb476fc33c95a7e765495966ac22a816d3e483cc99a5b

  • SHA512: 71152badd92753e70432da74c06a159dc4ab31fe20dacffbffb572e2c50fc4e814458d31aab93882c0a39f7509d1137dbb3220e89e45258604ffcce00dfdc867

  • SSDEEP: 768:IE6S7zPsMOWxfpZkGmBBEIz4Dx1hfVHqfknsMOnXcVxptsm9/1H5o:56okMxfpCRBuIz4DxvfVAJmxpt9O

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 6e7572c7354da800f93cb476fc33c95a7e765495966ac22a816d3e483cc99a5bN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew: Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks