Overview

overview

10

Static

static

3

0681498e2d...dN.exe

windows7-x64

10

0681498e2d...dN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0681498e2d2d343eb31f3883e24549502cb49f42ea502ed13393453fed0c549dN

  • Size

    704KB

  • Sample

    241001-vv2kgsvema

  • MD5

    535ec51c6fddab7f61196824a6db4db0

  • SHA1

    5a94245de62309074530c2ba0d0a6af4d17369cb

  • SHA256

    0681498e2d2d343eb31f3883e24549502cb49f42ea502ed13393453fed0c549d

  • SHA512

    0cd66e7078ea16c7126a5543c907317ed0273f6f7cf25ad3d513600f84c75adb485ccedb4f8965b42dae55de361486d91f26451b0774c759fce7db7dcd8bdabc

  • SSDEEP

    12288:wraph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20R0Z:4aph2kkkkK4kXkkkkkkkkhLX3a20R0vh

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0681498e2d2d343eb31f3883e24549502cb49f42ea502ed13393453fed0c549dN

    • Size

      704KB

    • MD5

      535ec51c6fddab7f61196824a6db4db0

    • SHA1

      5a94245de62309074530c2ba0d0a6af4d17369cb

    • SHA256

      0681498e2d2d343eb31f3883e24549502cb49f42ea502ed13393453fed0c549d

    • SHA512

      0cd66e7078ea16c7126a5543c907317ed0273f6f7cf25ad3d513600f84c75adb485ccedb4f8965b42dae55de361486d91f26451b0774c759fce7db7dcd8bdabc

    • SSDEEP

      12288:wraph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20R0Z:4aph2kkkkK4kXkkkkkkkkhLX3a20R0vh

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks