Overview

overview

10

Static

static

3

a5b4c207e1...bN.exe

windows7-x64

10

a5b4c207e1...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a5b4c207e117b4841536ecb72a5ab4bd0a0760837d0fbce22e1645d4e4b60babN

  • Size

    69KB

  • Sample

    241009-hccr7ashna

  • MD5

    71a095a18a5d083ef528af0366cd7710

  • SHA1

    ca37c1de45eb68726271adc598918cf107b1f315

  • SHA256

    a5b4c207e117b4841536ecb72a5ab4bd0a0760837d0fbce22e1645d4e4b60bab

  • SHA512

    f8a66203e8c62e1b0c91aa4949ad6fceda5203576dd0fba0cefc7a3e830421d1ba172bc5239ae75df5b0973b98bd6bf5c344bc4b67e954f13ac955559234569f

  • SSDEEP

    1536:bvo56+eenrZyTt3Bl0PNein/GFZCeDAyN:LYe1NBl0PNFn/GFZC1yN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a5b4c207e117b4841536ecb72a5ab4bd0a0760837d0fbce22e1645d4e4b60babN

    • Size

      69KB

    • MD5

      71a095a18a5d083ef528af0366cd7710

    • SHA1

      ca37c1de45eb68726271adc598918cf107b1f315

    • SHA256

      a5b4c207e117b4841536ecb72a5ab4bd0a0760837d0fbce22e1645d4e4b60bab

    • SHA512

      f8a66203e8c62e1b0c91aa4949ad6fceda5203576dd0fba0cefc7a3e830421d1ba172bc5239ae75df5b0973b98bd6bf5c344bc4b67e954f13ac955559234569f

    • SSDEEP

      1536:bvo56+eenrZyTt3Bl0PNein/GFZCeDAyN:LYe1NBl0PNFn/GFZC1yN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks