Overview

overview

10

Static

static

3

f32548d8e7...aN.exe

windows7-x64

10

f32548d8e7...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f32548d8e7c517a78cc9a3da2ecda2774bf9c2ac839690aa21b330e01eee710aN.exe

  • Size

    45KB

  • Sample

    240925-11nhpszgkq

  • MD5

    59fad762d655639fe7cc845441137e20

  • SHA1

    2cd73ac282cde41e501bb20bd5445117a526d89f

  • SHA256

    f32548d8e7c517a78cc9a3da2ecda2774bf9c2ac839690aa21b330e01eee710a

  • SHA512

    7fe6ac68ed1507e239895be60b0194a81c9936a9b5f721b50a1dc087040763ae67eaa1cee72159cf9a6f4d823f3a3ae4bfe4ebdd8d15180802aa478bb5df12d4

  • SSDEEP

    768:E0Yke0QLxBu0VYtSceOL7FlMEV18YTJ5ZPJ7Afx/1H5Ff:xEzu0VoJLplMEPT+3f

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f32548d8e7c517a78cc9a3da2ecda2774bf9c2ac839690aa21b330e01eee710aN.exe

    • Size

      45KB

    • MD5

      59fad762d655639fe7cc845441137e20

    • SHA1

      2cd73ac282cde41e501bb20bd5445117a526d89f

    • SHA256

      f32548d8e7c517a78cc9a3da2ecda2774bf9c2ac839690aa21b330e01eee710a

    • SHA512

      7fe6ac68ed1507e239895be60b0194a81c9936a9b5f721b50a1dc087040763ae67eaa1cee72159cf9a6f4d823f3a3ae4bfe4ebdd8d15180802aa478bb5df12d4

    • SSDEEP

      768:E0Yke0QLxBu0VYtSceOL7FlMEV18YTJ5ZPJ7Afx/1H5Ff:xEzu0VoJLplMEPT+3f

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks