Overview

overview

10

Static

static

3

d79fe45059...eN.exe

windows7-x64

10

d79fe45059...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d79fe45059769d7ac94718c1df671c5ba1915b8fb31a014ff8519dd356c5f3beN

  • Size

    512KB

  • Sample

    240927-g85bmszanp

  • MD5

    d2c98b55ab9755231e35c385fc9c36d0

  • SHA1

    cd3033244ae37b8829cf10a0e5ef589bae21e748

  • SHA256

    d79fe45059769d7ac94718c1df671c5ba1915b8fb31a014ff8519dd356c5f3be

  • SHA512

    dd2a1daa26b9400e847f114d71717e62c4ff661ee7738fa7fc0915ef9285abce38157d10ba7f3eb1f86f09c31517dec4b75ebe61b782872fca96e9a535bee424

  • SSDEEP

    6144:iG6KtKHn853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:iG9KHQBpnchWcZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      d79fe45059769d7ac94718c1df671c5ba1915b8fb31a014ff8519dd356c5f3beN

    • Size

      512KB

    • MD5

      d2c98b55ab9755231e35c385fc9c36d0

    • SHA1

      cd3033244ae37b8829cf10a0e5ef589bae21e748

    • SHA256

      d79fe45059769d7ac94718c1df671c5ba1915b8fb31a014ff8519dd356c5f3be

    • SHA512

      dd2a1daa26b9400e847f114d71717e62c4ff661ee7738fa7fc0915ef9285abce38157d10ba7f3eb1f86f09c31517dec4b75ebe61b782872fca96e9a535bee424

    • SSDEEP

      6144:iG6KtKHn853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZ:iG9KHQBpnchWcZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks