Overview

overview

10

Static

static

3

d47bec6be3...2c.exe

windows7-x64

10

d47bec6be3...2c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d47bec6be323a58b052cf29d588c61d9636633f74b40e79d799b2fb7f6f5662c

  • Size

    250KB

  • Sample

    240928-cys4eavcqa

  • MD5

    16705b1b408d58f935c8d28ff706a84f

  • SHA1

    00dbd27210c747ba6359514c66989cbb6ca688b7

  • SHA256

    d47bec6be323a58b052cf29d588c61d9636633f74b40e79d799b2fb7f6f5662c

  • SHA512

    7abcf271d90cd5f6dec95a9c0da2c938e4d5d3c1ee9308cc818cc4d3fc06ed4e33c5a1bd3c79839a979ca5034cd37859fb4e55eb272ff3c4fd94302fa875daf7

  • SSDEEP

    6144:1NWxwAvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:1Yg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      d47bec6be323a58b052cf29d588c61d9636633f74b40e79d799b2fb7f6f5662c

    • Size

      250KB

    • MD5

      16705b1b408d58f935c8d28ff706a84f

    • SHA1

      00dbd27210c747ba6359514c66989cbb6ca688b7

    • SHA256

      d47bec6be323a58b052cf29d588c61d9636633f74b40e79d799b2fb7f6f5662c

    • SHA512

      7abcf271d90cd5f6dec95a9c0da2c938e4d5d3c1ee9308cc818cc4d3fc06ed4e33c5a1bd3c79839a979ca5034cd37859fb4e55eb272ff3c4fd94302fa875daf7

    • SSDEEP

      6144:1NWxwAvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:1Yg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks