Overview

overview

10

Static

static

3

81b930a05b...eN.exe

windows7-x64

10

81b930a05b...eN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    81b930a05bcfad48290123ffe08f6d998eef8f277fabd7062449392ef364275eN

  • Size

    45KB

  • Sample

    240921-2ndneaybjf

  • MD5

    bfe61b74900c060787d2cc2ef4861b50

  • SHA1

    d2e990d7d8ef6812b185f6e6937c981029d06052

  • SHA256

    81b930a05bcfad48290123ffe08f6d998eef8f277fabd7062449392ef364275e

  • SHA512

    85bdef358e5218f012a81a37646f93d246cd28975ee9d89a1fab17a60c367987e7b1c4ee81982ba027697f7f70d8f18fc7c11042304706b67c6f15dd0bfa4334

  • SSDEEP

    768:+KYN4w3x+5MFnBmfwji0E4ghKi+3VM94MHMVK7beJsX/1H5:+lF305MFBmftg0+ZKeJ8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      81b930a05bcfad48290123ffe08f6d998eef8f277fabd7062449392ef364275eN

    • Size

      45KB

    • MD5

      bfe61b74900c060787d2cc2ef4861b50

    • SHA1

      d2e990d7d8ef6812b185f6e6937c981029d06052

    • SHA256

      81b930a05bcfad48290123ffe08f6d998eef8f277fabd7062449392ef364275e

    • SHA512

      85bdef358e5218f012a81a37646f93d246cd28975ee9d89a1fab17a60c367987e7b1c4ee81982ba027697f7f70d8f18fc7c11042304706b67c6f15dd0bfa4334

    • SSDEEP

      768:+KYN4w3x+5MFnBmfwji0E4ghKi+3VM94MHMVK7beJsX/1H5:+lF305MFBmftg0+ZKeJ8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks