Overview

overview

10

Static

static

3

9ea4693a94...cN.exe

windows7-x64

10

9ea4693a94...cN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9ea4693a940b221f1e2e71c820523081534f2b7934546c6b0e82e253d4544edcN

  • Size

    59KB

  • Sample

    241005-jz73aavbmj

  • MD5

    7f577e9536555032919c49d506f0d3c0

  • SHA1

    3b83de12fcae3344a2636c39bf123fe195f1719d

  • SHA256

    9ea4693a940b221f1e2e71c820523081534f2b7934546c6b0e82e253d4544edc

  • SHA512

    ea84f67d66b1a1f2ab11ab23f6deb25235f96b59b1113c017928079d9f7760b7871f5f6675b857cdacac9fc4bbe8424891486c0bca24886cb3cec3a3b83237d1

  • SSDEEP

    768:RKjkmuDN8GkOfPqm1IyhUxkCS0tYDDDcAepfEg/cbu1JZ/1H57E5nf1fZMEBFEL7:PmuDyXO7ZhhCSXXclmCcy1BaNCyVs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9ea4693a940b221f1e2e71c820523081534f2b7934546c6b0e82e253d4544edcN

    • Size

      59KB

    • MD5

      7f577e9536555032919c49d506f0d3c0

    • SHA1

      3b83de12fcae3344a2636c39bf123fe195f1719d

    • SHA256

      9ea4693a940b221f1e2e71c820523081534f2b7934546c6b0e82e253d4544edc

    • SHA512

      ea84f67d66b1a1f2ab11ab23f6deb25235f96b59b1113c017928079d9f7760b7871f5f6675b857cdacac9fc4bbe8424891486c0bca24886cb3cec3a3b83237d1

    • SSDEEP

      768:RKjkmuDN8GkOfPqm1IyhUxkCS0tYDDDcAepfEg/cbu1JZ/1H57E5nf1fZMEBFEL7:PmuDyXO7ZhhCSXXclmCcy1BaNCyVs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks