Overview

overview

10

Static

static

3

ce80126430...cN.exe

windows7-x64

10

ce80126430...cN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ce80126430d9f68873339e882ee93cc12a65ddfeeae8d52c940cc7058106c70cN

  • Size

    512KB

  • Sample

    240929-3nz23swemj

  • MD5

    b8d5971297bc5094495a752d91f0e420

  • SHA1

    397bd5b851dbc6b752913236fad1b66922a15bfd

  • SHA256

    ce80126430d9f68873339e882ee93cc12a65ddfeeae8d52c940cc7058106c70c

  • SHA512

    a527c43d208d419d7db56fa7b4dea24487d08055509ac513c3b0f8523457e99742a92655565ce5a4d4b8601cec2f02bae2e39b3ed098f8cda4e65dcf03f47fb1

  • SSDEEP

    6144:Js5vTRwwfEUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:JMvTqOUG5t1sI5yl48pArv8o4L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ce80126430d9f68873339e882ee93cc12a65ddfeeae8d52c940cc7058106c70cN

    • Size

      512KB

    • MD5

      b8d5971297bc5094495a752d91f0e420

    • SHA1

      397bd5b851dbc6b752913236fad1b66922a15bfd

    • SHA256

      ce80126430d9f68873339e882ee93cc12a65ddfeeae8d52c940cc7058106c70c

    • SHA512

      a527c43d208d419d7db56fa7b4dea24487d08055509ac513c3b0f8523457e99742a92655565ce5a4d4b8601cec2f02bae2e39b3ed098f8cda4e65dcf03f47fb1

    • SSDEEP

      6144:Js5vTRwwfEUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:JMvTqOUG5t1sI5yl48pArv8o4L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks