Overview

overview

10

Static

static

3

1fe93ddfd5...8N.exe

windows7-x64

10

1fe93ddfd5...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fe93ddfd587fac442405c693fbfec536ae600bb04bfda64d4d5954f27bc37e8N

  • Size

    67KB

  • Sample

    240930-k5wf4sxapr

  • MD5

    a6a7f1d71bef5c87790a30695de4f2e0

  • SHA1

    37ad9182ead50923ce42266515e7dde3cca4fb42

  • SHA256

    1fe93ddfd587fac442405c693fbfec536ae600bb04bfda64d4d5954f27bc37e8

  • SHA512

    49eb7373330c4507452a4b2289a40a1942d669ed40b2739fcd85a762173d98acf8da685eba8a86596f4a56e5d1b00c103cc8951be09ec71dc88167c78f9afc2e

  • SSDEEP

    1536:xcjW5+KdFH30n4kKWAkPhIkTRsJifTduD4oTxw:yjW5+KdFX1+RsJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1fe93ddfd587fac442405c693fbfec536ae600bb04bfda64d4d5954f27bc37e8N

    • Size

      67KB

    • MD5

      a6a7f1d71bef5c87790a30695de4f2e0

    • SHA1

      37ad9182ead50923ce42266515e7dde3cca4fb42

    • SHA256

      1fe93ddfd587fac442405c693fbfec536ae600bb04bfda64d4d5954f27bc37e8

    • SHA512

      49eb7373330c4507452a4b2289a40a1942d669ed40b2739fcd85a762173d98acf8da685eba8a86596f4a56e5d1b00c103cc8951be09ec71dc88167c78f9afc2e

    • SSDEEP

      1536:xcjW5+KdFH30n4kKWAkPhIkTRsJifTduD4oTxw:yjW5+KdFX1+RsJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks