Overview

overview

10

Static

static

3

ff1a93f9bd...5N.exe

windows7-x64

10

ff1a93f9bd...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ff1a93f9bd381c3ca44e0ca52f316e9b1dec3fb4e8b9698127e01ecf4c090415N

  • Size

    64KB

  • Sample

    240921-ndxrmsyhng

  • MD5

    59b2005e0839c24a66d5fb7a4129ea70

  • SHA1

    23b9f659398242348e6c124e01c80463b5431c76

  • SHA256

    ff1a93f9bd381c3ca44e0ca52f316e9b1dec3fb4e8b9698127e01ecf4c090415

  • SHA512

    11758b93998c8cd032e120d70270c160eb4e2256d2678534488b0b09ed9c678b2e7a5edebfce1fb09c85f8c4dbf43e7a276cfdf4b20ed5ec318e8994409a4f80

  • SSDEEP

    768:Ix8sHr/U1P6uG+HU6MR8PL4NccahgRYJwmnGiVMOrQH3O1VWWtyDh+FdBJFi/1HX:K8VdvHUz7xHe1VWCyDed9osXUwXfzwv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ff1a93f9bd381c3ca44e0ca52f316e9b1dec3fb4e8b9698127e01ecf4c090415N

    • Size

      64KB

    • MD5

      59b2005e0839c24a66d5fb7a4129ea70

    • SHA1

      23b9f659398242348e6c124e01c80463b5431c76

    • SHA256

      ff1a93f9bd381c3ca44e0ca52f316e9b1dec3fb4e8b9698127e01ecf4c090415

    • SHA512

      11758b93998c8cd032e120d70270c160eb4e2256d2678534488b0b09ed9c678b2e7a5edebfce1fb09c85f8c4dbf43e7a276cfdf4b20ed5ec318e8994409a4f80

    • SSDEEP

      768:Ix8sHr/U1P6uG+HU6MR8PL4NccahgRYJwmnGiVMOrQH3O1VWWtyDh+FdBJFi/1HX:K8VdvHUz7xHe1VWCyDed9osXUwXfzwv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks