Overview

overview

10

Static

static

3

563aa17120...aN.exe

windows7-x64

10

563aa17120...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    563aa17120ec00f2cca344a54b4230a0985be75f03500abb949873a7496d3e9aN

  • Size

    415KB

  • Sample

    240919-xama6sterg

  • MD5

    7a9a5373005768ce337bce9361a31f40

  • SHA1

    c0d9a2aa1386a785ff70b524a5b8e5e5d7c9a987

  • SHA256

    563aa17120ec00f2cca344a54b4230a0985be75f03500abb949873a7496d3e9a

  • SHA512

    f00eaaa50712b61381f9c6f7f528d712293f7edcc3af0fa5db2ce8afb3a344a170d710d5f0ad9d887662064f2201370dd81f326a47648a92fcc615a77b6b930e

  • SSDEEP

    12288:8oWj7NtInBBBBBBBBBBBBBBBBBBBBBBBBB0kfBBBBBBBBBBBBBBBBBBBBBBBBBNz:8klp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      563aa17120ec00f2cca344a54b4230a0985be75f03500abb949873a7496d3e9aN

    • Size

      415KB

    • MD5

      7a9a5373005768ce337bce9361a31f40

    • SHA1

      c0d9a2aa1386a785ff70b524a5b8e5e5d7c9a987

    • SHA256

      563aa17120ec00f2cca344a54b4230a0985be75f03500abb949873a7496d3e9a

    • SHA512

      f00eaaa50712b61381f9c6f7f528d712293f7edcc3af0fa5db2ce8afb3a344a170d710d5f0ad9d887662064f2201370dd81f326a47648a92fcc615a77b6b930e

    • SSDEEP

      12288:8oWj7NtInBBBBBBBBBBBBBBBBBBBBBBBBB0kfBBBBBBBBBBBBBBBBBBBBBBBBBNz:8klp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks