Overview

overview

10

Static

static

3

49f28c0769...0N.exe

windows7-x64

10

49f28c0769...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    49f28c0769cfe6040bbd811d4b88505a40cc80d183ec32d89e74c2f0910fd390N.exe

  • Size

    320KB

  • Sample

    240925-dsc1nsvejc

  • MD5

    675250c8adb4cfbc07f774b4228d4bc0

  • SHA1

    79d92a3fa7dce2b4cfb7a8465783f8a20a3c2fa1

  • SHA256

    49f28c0769cfe6040bbd811d4b88505a40cc80d183ec32d89e74c2f0910fd390

  • SHA512

    de1952f48799c544a612df819c24fd47673831f73f495342d58a54e45dbaa8ea6c7e48eda8dcda5942702c6ca5988889516d0ccc38a9386e7b772dda86d9d900

  • SSDEEP

    6144:9u2SY3966s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:w2S0H705kWM/9J6gqGBf/h

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      49f28c0769cfe6040bbd811d4b88505a40cc80d183ec32d89e74c2f0910fd390N.exe

    • Size

      320KB

    • MD5

      675250c8adb4cfbc07f774b4228d4bc0

    • SHA1

      79d92a3fa7dce2b4cfb7a8465783f8a20a3c2fa1

    • SHA256

      49f28c0769cfe6040bbd811d4b88505a40cc80d183ec32d89e74c2f0910fd390

    • SHA512

      de1952f48799c544a612df819c24fd47673831f73f495342d58a54e45dbaa8ea6c7e48eda8dcda5942702c6ca5988889516d0ccc38a9386e7b772dda86d9d900

    • SSDEEP

      6144:9u2SY3966s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:w2S0H705kWM/9J6gqGBf/h

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks