General

  • Target

    6fd6546b72266ca0e23811699e2b03dc506c65f9251485d910e5218a1b64c2f5

  • Size

    67KB

  • Sample

    241222-3lh1sa1rcs

  • MD5

    bc6731a19e5c2848ac800c65a1846c15

  • SHA1

    9695cc9f0a733bb4b9567104bfddacf2b13d1b0e

  • SHA256

    6fd6546b72266ca0e23811699e2b03dc506c65f9251485d910e5218a1b64c2f5

  • SHA512

    a3931257f6a1aea6a6fe7fb8db92fffa54c31ced3cb98d346cf222c33e7076de694443741ddad33f6488159824d7e0a42b4ccd2b5c69230794f19f72c05c93a5

  • SSDEEP

    768:yYDDv9VwZz7XlRMOTKA7OmTSS9eX/1H5rP1PEVErME/feYvn1q/D2ZuAx0GoEkED:y8DzwZzJ+OeACmThIfsJifTduD4oTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks