Overview

overview

10

Static

static

3

59b7151eb1...dN.exe

windows7-x64

10

59b7151eb1...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59b7151eb1495405fccce6cc6a7b623664ac7cf7c4fa5fa564be78e32d0be3fdN

  • Size

    84KB

  • Sample

    240928-cx8sgascmm

  • MD5

    a8f4b9905ff851a7f4d8c8161eed3df0

  • SHA1

    e9633c75e25a1a4dfe8835252b365332dea560b8

  • SHA256

    59b7151eb1495405fccce6cc6a7b623664ac7cf7c4fa5fa564be78e32d0be3fd

  • SHA512

    9c5d1ae1ae4f1d66159d231e09bcdb73f2283a72b870ea4e029f590d7fa5859d9c95ba5f2a80cd3a2412f0fb0d3bb8d899dd393b3b5b5ad18061faea3d7df2e1

  • SSDEEP

    1536:rJOWNqjX6SthQDQsWjOl11A6gwR78oLZPAm8ANZLvfPDyH6n8dEelLYR7xeGSmU8:rmX6SthQDsjOl1lgOtZPX3PDyH6n8dji

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      59b7151eb1495405fccce6cc6a7b623664ac7cf7c4fa5fa564be78e32d0be3fdN

    • Size

      84KB

    • MD5

      a8f4b9905ff851a7f4d8c8161eed3df0

    • SHA1

      e9633c75e25a1a4dfe8835252b365332dea560b8

    • SHA256

      59b7151eb1495405fccce6cc6a7b623664ac7cf7c4fa5fa564be78e32d0be3fd

    • SHA512

      9c5d1ae1ae4f1d66159d231e09bcdb73f2283a72b870ea4e029f590d7fa5859d9c95ba5f2a80cd3a2412f0fb0d3bb8d899dd393b3b5b5ad18061faea3d7df2e1

    • SSDEEP

      1536:rJOWNqjX6SthQDQsWjOl11A6gwR78oLZPAm8ANZLvfPDyH6n8dEelLYR7xeGSmU8:rmX6SthQDsjOl1lgOtZPX3PDyH6n8dji

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks