Overview

overview

10

Static

static

3

2602f74e18...5N.exe

windows7-x64

10

2602f74e18...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2602f74e18d3680704f43eb9ff960eed2d763b7625e6762a915696acd62116f5N

  • Size

    67KB

  • Sample

    240919-f4kk1atakk

  • MD5

    5f4210f4a53fba850438655fa349d210

  • SHA1

    1aacba3dcbff2906517dddfa0c87b00f44e035fd

  • SHA256

    2602f74e18d3680704f43eb9ff960eed2d763b7625e6762a915696acd62116f5

  • SHA512

    9a7225bbae5ee8b5e323126783c884f6cec96be11584a26e39b413e5b18a1e5f6481115d0588162eca456fded30675321afe9bd607aab6d17aa39a9ea6a0742d

  • SSDEEP

    1536:4iSSf8Mlp+QQQgluPtFRSsJifTduD4oTxwy:7RQQIuPPRSsJibdMTxwy

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2602f74e18d3680704f43eb9ff960eed2d763b7625e6762a915696acd62116f5N

    • Size

      67KB

    • MD5

      5f4210f4a53fba850438655fa349d210

    • SHA1

      1aacba3dcbff2906517dddfa0c87b00f44e035fd

    • SHA256

      2602f74e18d3680704f43eb9ff960eed2d763b7625e6762a915696acd62116f5

    • SHA512

      9a7225bbae5ee8b5e323126783c884f6cec96be11584a26e39b413e5b18a1e5f6481115d0588162eca456fded30675321afe9bd607aab6d17aa39a9ea6a0742d

    • SSDEEP

      1536:4iSSf8Mlp+QQQgluPtFRSsJifTduD4oTxwy:7RQQIuPPRSsJibdMTxwy

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks