Overview

overview

10

Static

static

3

b4e76d460d...8N.exe

windows7-x64

10

b4e76d460d...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4e76d460d58c7dd50d00dd43e45b40cd457a80648614f6d0f38b3db71c57028N

  • Size

    69KB

  • Sample

    241005-2f7arazarh

  • MD5

    5d7e7fc5272585c800601c21a368bb40

  • SHA1

    a9ff4bf957dff4ade7e1aaa56b5039a63c4b717d

  • SHA256

    b4e76d460d58c7dd50d00dd43e45b40cd457a80648614f6d0f38b3db71c57028

  • SHA512

    e350df0a9bdbfd340063570cc62efed07674bcb51c7b9acfaf4a5cf82cc8c23d82325ea792eca05670bb86543929cae215017f0d9c4cabe6edc1189b87910935

  • SSDEEP

    1536:JQCtgLc1kIQ3Wt7y/ZXORKTNPgUN3QivEg:JQCtIcilw7y/ZNPgU5QM

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b4e76d460d58c7dd50d00dd43e45b40cd457a80648614f6d0f38b3db71c57028N

    • Size

      69KB

    • MD5

      5d7e7fc5272585c800601c21a368bb40

    • SHA1

      a9ff4bf957dff4ade7e1aaa56b5039a63c4b717d

    • SHA256

      b4e76d460d58c7dd50d00dd43e45b40cd457a80648614f6d0f38b3db71c57028

    • SHA512

      e350df0a9bdbfd340063570cc62efed07674bcb51c7b9acfaf4a5cf82cc8c23d82325ea792eca05670bb86543929cae215017f0d9c4cabe6edc1189b87910935

    • SSDEEP

      1536:JQCtgLc1kIQ3Wt7y/ZXORKTNPgUN3QivEg:JQCtIcilw7y/ZNPgU5QM

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks