Overview

overview

10

Static

static

3

dea01a1bf5...9N.exe

windows7-x64

10

dea01a1bf5...9N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    dea01a1bf5b59e0fc8b7b4084a7e71973f4b7de448425c06cf9a4b3580df7a19N

  • Size

    45KB

  • Sample

    240927-dt3bysvhpe

  • MD5

    d59287d27432be63797c83898083a810

  • SHA1

    bc62ced1f07466d1c60f1e79f3e9046d410e3688

  • SHA256

    dea01a1bf5b59e0fc8b7b4084a7e71973f4b7de448425c06cf9a4b3580df7a19

  • SHA512

    a0dc725f3af0dc027941bde53c7e485aa88b7248e1dd48fee7538a0c8b6170794cf42538ab3c37fd5eac1a44a76db2869c84a9343910b275e721faeaa0f74f65

  • SSDEEP

    768:Sd8vnRFcf5xRRGtVOFPQepzpPqQzzFiHJ+Jmgqg6j5QzBQjIahcm/CeUa/1H56:Sd8ej0OFfpxRs+JmirDaGgs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      dea01a1bf5b59e0fc8b7b4084a7e71973f4b7de448425c06cf9a4b3580df7a19N

    • Size

      45KB

    • MD5

      d59287d27432be63797c83898083a810

    • SHA1

      bc62ced1f07466d1c60f1e79f3e9046d410e3688

    • SHA256

      dea01a1bf5b59e0fc8b7b4084a7e71973f4b7de448425c06cf9a4b3580df7a19

    • SHA512

      a0dc725f3af0dc027941bde53c7e485aa88b7248e1dd48fee7538a0c8b6170794cf42538ab3c37fd5eac1a44a76db2869c84a9343910b275e721faeaa0f74f65

    • SSDEEP

      768:Sd8vnRFcf5xRRGtVOFPQepzpPqQzzFiHJ+Jmgqg6j5QzBQjIahcm/CeUa/1H56:Sd8ej0OFfpxRs+JmirDaGgs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks