Overview

overview

10

Static

static

3

2dc5d0652a...1N.exe

windows7-x64

10

2dc5d0652a...1N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2dc5d0652a63c0b1090d3d9aa7547b9d386e5df46af8cd0e7d01405e10cbddd1N

  • Size

    320KB

  • Sample

    240919-k5pnka1flr

  • MD5

    e46d88b6a3441fae32472d2a823cb490

  • SHA1

    1b284f17a2981ef7c4382e087221d9a79e38af12

  • SHA256

    2dc5d0652a63c0b1090d3d9aa7547b9d386e5df46af8cd0e7d01405e10cbddd1

  • SHA512

    c4a9d97ecb82ccf7e2115a651ded4bba2aaf91927a68af5831c76a3e52e3175a2ff8a8828ece78355c6f2b60e5827f067a6891eb590e2ee4166f0de5f3e36238

  • SSDEEP

    6144:xYBFz6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:mS705kWM/9J6gqGBf/h

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2dc5d0652a63c0b1090d3d9aa7547b9d386e5df46af8cd0e7d01405e10cbddd1N

    • Size

      320KB

    • MD5

      e46d88b6a3441fae32472d2a823cb490

    • SHA1

      1b284f17a2981ef7c4382e087221d9a79e38af12

    • SHA256

      2dc5d0652a63c0b1090d3d9aa7547b9d386e5df46af8cd0e7d01405e10cbddd1

    • SHA512

      c4a9d97ecb82ccf7e2115a651ded4bba2aaf91927a68af5831c76a3e52e3175a2ff8a8828ece78355c6f2b60e5827f067a6891eb590e2ee4166f0de5f3e36238

    • SSDEEP

      6144:xYBFz6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:mS705kWM/9J6gqGBf/h

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks