General

  • Target: 6ae671ea29a409700851859fd6e3f86883ebd7011a148ada93349f64355c1193N.exe
  • Size: 88KB
  • Sample: 241113-vg7jksvnfw
  • MD5: f48dfb53593838d6fe412dc9dea9c130
  • SHA1: d1ac89a7e0d208bba140862da9edae92a1a3558e
  • SHA256: 6ae671ea29a409700851859fd6e3f86883ebd7011a148ada93349f64355c1193
  • SHA512: 05cd9e923df5d6bacc8f722829162f7a7f146524cf3098d4bbc3800b7b0bcc9a199f7c75b846ca03bf84ff8419d82a9ddeb33778f0ede9d0bbd0469d5f6c9f1d
  • SSDEEP: 1536:6wcQls2i+NI61wQqrhm0pi5ZAwFL8QOVXtE1ukVd71rFZO7+90vT:6w3Zh0m0pi5ZbLi9EIIJ15ZO7Vr

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 6ae671ea29a409700851859fd6e3f86883ebd7011a148ada93349f64355c1193N.exe
    • Size: 88KB
    • MD5: f48dfb53593838d6fe412dc9dea9c130
    • SHA1: d1ac89a7e0d208bba140862da9edae92a1a3558e
    • SHA256: 6ae671ea29a409700851859fd6e3f86883ebd7011a148ada93349f64355c1193
    • SHA512: 05cd9e923df5d6bacc8f722829162f7a7f146524cf3098d4bbc3800b7b0bcc9a199f7c75b846ca03bf84ff8419d82a9ddeb33778f0ede9d0bbd0469d5f6c9f1d
    • SSDEEP: 1536:6wcQls2i+NI61wQqrhm0pi5ZAwFL8QOVXtE1ukVd71rFZO7+90vT:6w3Zh0m0pi5ZbLi9EIIJ15ZO7Vr

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks