General

  • Target

    07b6ce5cfe795f4754b73e3b61c6e55731757b50e77a7a0c250fa6eeab4c0714

  • Size

    194KB

  • Sample

    241224-x2dhcavmgp

  • MD5

    75da3112410395c547fcf949354eef02

  • SHA1

    771e00808ca309112835612f7ae0e974d1803119

  • SHA256

    07b6ce5cfe795f4754b73e3b61c6e55731757b50e77a7a0c250fa6eeab4c0714

  • SHA512

    359996708a6bb0d87d85ebd89e6c5a3ee8caf47087a2821d6ee939d49cc97dc0ee9f413bb1d2caeb4e7f96756f5a4b5dd5ff1907d7d05675d5e1ab80340a7c64

  • SSDEEP

    6144:uAInDz2rdSfUNRbCeKpNYxWlJ7mkD6pNY:

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      07b6ce5cfe795f4754b73e3b61c6e55731757b50e77a7a0c250fa6eeab4c0714

    • Size

      194KB

    • MD5

      75da3112410395c547fcf949354eef02

    • SHA1

      771e00808ca309112835612f7ae0e974d1803119

    • SHA256

      07b6ce5cfe795f4754b73e3b61c6e55731757b50e77a7a0c250fa6eeab4c0714

    • SHA512

      359996708a6bb0d87d85ebd89e6c5a3ee8caf47087a2821d6ee939d49cc97dc0ee9f413bb1d2caeb4e7f96756f5a4b5dd5ff1907d7d05675d5e1ab80340a7c64

    • SSDEEP

      6144:uAInDz2rdSfUNRbCeKpNYxWlJ7mkD6pNY:

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks