Overview

overview

10

Static

static

3

325acfd6aa...b1.exe

windows7-x64

10

325acfd6aa...b1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    325acfd6aa97e91f839ec933745c6b2ffb04857841d2366a6effd50948a8d6b1

  • Size

    256KB

  • Sample

    240919-ycx15axckp

  • MD5

    e0cb946740c460cc4755070d67ec6928

  • SHA1

    1d650adbabdbc524ccafcc7c4b3ae15cc4cb232d

  • SHA256

    325acfd6aa97e91f839ec933745c6b2ffb04857841d2366a6effd50948a8d6b1

  • SHA512

    9039e1facca72d5e38deb58c0f66a5715105f05ec7685ada7ab3d815b126df3d28a8e5e8aa4c5fef2f9fbadc56e1dade2a7eae2e205d46f809eb92321dea88ad

  • SSDEEP

    6144:mkpc26Qt853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:m+v6iQBpnchWcZj

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      325acfd6aa97e91f839ec933745c6b2ffb04857841d2366a6effd50948a8d6b1

    • Size

      256KB

    • MD5

      e0cb946740c460cc4755070d67ec6928

    • SHA1

      1d650adbabdbc524ccafcc7c4b3ae15cc4cb232d

    • SHA256

      325acfd6aa97e91f839ec933745c6b2ffb04857841d2366a6effd50948a8d6b1

    • SHA512

      9039e1facca72d5e38deb58c0f66a5715105f05ec7685ada7ab3d815b126df3d28a8e5e8aa4c5fef2f9fbadc56e1dade2a7eae2e205d46f809eb92321dea88ad

    • SSDEEP

      6144:mkpc26Qt853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:m+v6iQBpnchWcZj

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks