Overview

overview

10

Static

static

3

fcf11ab2ee...fN.exe

windows7-x64

10

fcf11ab2ee...fN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    fcf11ab2eef392c429a5329e240a27ba091349374a1f46c80af1f1e984bc33efN.exe

  • Size

    91KB

  • Sample

    241001-cys4eazhqa

  • MD5

    815f8ef4f31fafc2dd1fd84cd6455240

  • SHA1

    45e3f6fc6fe96c552d899980965a09dc3127c2ee

  • SHA256

    fcf11ab2eef392c429a5329e240a27ba091349374a1f46c80af1f1e984bc33ef

  • SHA512

    5f4b49faa74f6f511dfeca0293ba379b3675e4fb23287035491c041532f9eae944231db0c0fe616d93b0d274b4564d9bba5fb4b47e2ade4cd177fff4dbaa07fc

  • SSDEEP

    1536:yKRg7+UaaOoUdpBw5t3Q5j90m+1ghnqObmVy9Zt9cx0XBQZFo:NgfHODdpIpQ5j90NCkEux0XBQZu

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      fcf11ab2eef392c429a5329e240a27ba091349374a1f46c80af1f1e984bc33efN.exe

    • Size

      91KB

    • MD5

      815f8ef4f31fafc2dd1fd84cd6455240

    • SHA1

      45e3f6fc6fe96c552d899980965a09dc3127c2ee

    • SHA256

      fcf11ab2eef392c429a5329e240a27ba091349374a1f46c80af1f1e984bc33ef

    • SHA512

      5f4b49faa74f6f511dfeca0293ba379b3675e4fb23287035491c041532f9eae944231db0c0fe616d93b0d274b4564d9bba5fb4b47e2ade4cd177fff4dbaa07fc

    • SSDEEP

      1536:yKRg7+UaaOoUdpBw5t3Q5j90m+1ghnqObmVy9Zt9cx0XBQZFo:NgfHODdpIpQ5j90NCkEux0XBQZu

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks