Overview

overview

10

Static

static

3

889d88a144...fN.exe

windows7-x64

10

889d88a144...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    889d88a144ecf3c60b3e1d94218ca334ead445488c72189112ea2262723ed0ffN

  • Size

    91KB

  • Sample

    240921-r85yaaybpq

  • MD5

    ff8ad43f2b92cd6d8ae7fdacad717fc0

  • SHA1

    3b107149e555d82d353c4b14b73ac0f7ebb173a8

  • SHA256

    889d88a144ecf3c60b3e1d94218ca334ead445488c72189112ea2262723ed0ff

  • SHA512

    f8efa2f7e982457dcb069c851beceff30a86af38c37c4612d37f7c9c47f88471e8ccf1a979fcdae7f7ee1074f7e195c00a2bef2e56369eee6321646eb7a7c8da

  • SSDEEP

    1536:0McVg5aIQBbpScR8fTTmrzvlbSnGeSF9X+kzEVfXqhS:bR5a1PSc/nlbkGeQ9ubfXr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      889d88a144ecf3c60b3e1d94218ca334ead445488c72189112ea2262723ed0ffN

    • Size

      91KB

    • MD5

      ff8ad43f2b92cd6d8ae7fdacad717fc0

    • SHA1

      3b107149e555d82d353c4b14b73ac0f7ebb173a8

    • SHA256

      889d88a144ecf3c60b3e1d94218ca334ead445488c72189112ea2262723ed0ff

    • SHA512

      f8efa2f7e982457dcb069c851beceff30a86af38c37c4612d37f7c9c47f88471e8ccf1a979fcdae7f7ee1074f7e195c00a2bef2e56369eee6321646eb7a7c8da

    • SSDEEP

      1536:0McVg5aIQBbpScR8fTTmrzvlbSnGeSF9X+kzEVfXqhS:bR5a1PSc/nlbkGeQ9ubfXr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks