General
Target: 87cb1c71bf241b66d1dee2ac87bc5c06b35f79a3e08c012e060bb32d9a34f5b3N.exe
Size: 142KB
Sample: 241222-ptpawayndr
MD5: 79fbef6e5061a5d58d4334dadf0f13f0
SHA1: 70464d4218901f47bb082e2ec47e23218b2a5a9d
SHA256: 87cb1c71bf241b66d1dee2ac87bc5c06b35f79a3e08c012e060bb32d9a34f5b3
SHA512: 78fae434001db04638206edded9422d4f106ffac5de66db86ff17953892cb16fd3168c52cb9c4a64271bd77378d7d68ada8c7ef39249898623b91e5ffb179a90
SSDEEP: 3072:+PT2XBzDMo0Qc4EgsIUw8YkAMo0Qc4sIUw8AMo0Qc4EIUw8YkAMo0Qc4EgsIUm+u:+PT2Xd8R2TGjYF3azNPXPXTGjYe
Static task: static1
Behavioral task: behavioral1
Sample: 87cb1c71bf241b66d1dee2ac87bc5c06b35f79a3e08c012e060bb32d9a34f5b3N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 87cb1c71bf241b66d1dee2ac87bc5c06b35f79a3e08c012e060bb32d9a34f5b3N.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
berbew
http://tat-neftbank.ru/kkq.php
http://tat-neftbank.ru/wcmd.htm
Targets
Target: 87cb1c71bf241b66d1dee2ac87bc5c06b35f79a3e08c012e060bb32d9a34f5b3N.exe
Score: 10/10
Adds autorun key to be loaded by Explorer.exe on startup
Berbew family
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory