Overview

overview

10

Static

static

10

463dd8f989...bN.exe

windows7-x64

10

463dd8f989...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    463dd8f989679300e39535fb085629f92b5b45c7d56550f3ac1ee5287efd70ebN

  • Size

    194KB

  • Sample

    240921-ted9ks1aka

  • MD5

    bfbd1bda800da2e516198b746cc6e720

  • SHA1

    efe38f34c7b57caed7d6082ce4ea350136d7a295

  • SHA256

    463dd8f989679300e39535fb085629f92b5b45c7d56550f3ac1ee5287efd70eb

  • SHA512

    199c6aa978cb621ede29d4ab4b839c815efe8118a2cc224589ef5c2e702e27722d6685c099a8656c4576390671e62024fad2d904f096b09337f0b9cec9855a63

  • SSDEEP

    3072:3UQws28Kzc9ZCmMIM/kEmMIGumMIc/1GV:3UQwJ8Kzc9ZC5/pbuh/UV

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      463dd8f989679300e39535fb085629f92b5b45c7d56550f3ac1ee5287efd70ebN

    • Size

      194KB

    • MD5

      bfbd1bda800da2e516198b746cc6e720

    • SHA1

      efe38f34c7b57caed7d6082ce4ea350136d7a295

    • SHA256

      463dd8f989679300e39535fb085629f92b5b45c7d56550f3ac1ee5287efd70eb

    • SHA512

      199c6aa978cb621ede29d4ab4b839c815efe8118a2cc224589ef5c2e702e27722d6685c099a8656c4576390671e62024fad2d904f096b09337f0b9cec9855a63

    • SSDEEP

      3072:3UQws28Kzc9ZCmMIM/kEmMIGumMIc/1GV:3UQwJ8Kzc9ZC5/pbuh/UV

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks