Overview

overview

10

Static

static

3

429ca7845e...dN.exe

windows7-x64

10

429ca7845e...dN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    429ca7845ed93741e0a841950a55c41a50f6e8f272d1c46fd862aa2a0adfa63dN

  • Size

    72KB

  • Sample

    241004-kwtwxsvfjp

  • MD5

    df16df3fe8d5d253be99e2ad480462f0

  • SHA1

    47050243df59809ddc7781d2d69b2dc4c8b5d702

  • SHA256

    429ca7845ed93741e0a841950a55c41a50f6e8f272d1c46fd862aa2a0adfa63d

  • SHA512

    5b8efb8781dd22fabad508762c9776716502f975e5ccff85ca1b5aa077216814232c8bdacebc21e58c8a8263f16c9ab308ef3b2eb2b3538b17a0b7954c563a90

  • SSDEEP

    1536:FQf95A72tD2A4/qP6HAcyc9xKOPgUN3QivEtA:2fz2rA4/E4NhxKOPgU5QJA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      429ca7845ed93741e0a841950a55c41a50f6e8f272d1c46fd862aa2a0adfa63dN

    • Size

      72KB

    • MD5

      df16df3fe8d5d253be99e2ad480462f0

    • SHA1

      47050243df59809ddc7781d2d69b2dc4c8b5d702

    • SHA256

      429ca7845ed93741e0a841950a55c41a50f6e8f272d1c46fd862aa2a0adfa63d

    • SHA512

      5b8efb8781dd22fabad508762c9776716502f975e5ccff85ca1b5aa077216814232c8bdacebc21e58c8a8263f16c9ab308ef3b2eb2b3538b17a0b7954c563a90

    • SSDEEP

      1536:FQf95A72tD2A4/qP6HAcyc9xKOPgUN3QivEtA:2fz2rA4/E4NhxKOPgU5QJA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks