Overview

overview

10

Static

static

3

48638f8fe4...aN.exe

windows7-x64

10

48638f8fe4...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    48638f8fe4f38aafe73ba5a0debd261824b21861fb63e9af62db67f2b8a7532aN

  • Size

    422KB

  • Sample

    241005-as9g4avdkr

  • MD5

    a54470b419c85d45e5f8bcabe55d5490

  • SHA1

    ed640692f63bc956c0c1c4f89f0d6ef7346398fe

  • SHA256

    48638f8fe4f38aafe73ba5a0debd261824b21861fb63e9af62db67f2b8a7532a

  • SHA512

    ca97dfbffcf2fbee36061e2793d4396bc1ef3c23d59130b5d0fd471b61807d138969de6ef7c6fbe01d0bac0a929afd829a04fca4e77ad87f4bcafe29fb0abda9

  • SSDEEP

    6144:9ARsBLWfFbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZq:9ARECdGaXgA4XfczXgA4XA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      48638f8fe4f38aafe73ba5a0debd261824b21861fb63e9af62db67f2b8a7532aN

    • Size

      422KB

    • MD5

      a54470b419c85d45e5f8bcabe55d5490

    • SHA1

      ed640692f63bc956c0c1c4f89f0d6ef7346398fe

    • SHA256

      48638f8fe4f38aafe73ba5a0debd261824b21861fb63e9af62db67f2b8a7532a

    • SHA512

      ca97dfbffcf2fbee36061e2793d4396bc1ef3c23d59130b5d0fd471b61807d138969de6ef7c6fbe01d0bac0a929afd829a04fca4e77ad87f4bcafe29fb0abda9

    • SSDEEP

      6144:9ARsBLWfFbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZq:9ARECdGaXgA4XfczXgA4XA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks