Overview

overview

10

Static

static

3

474e106483...aN.exe

windows7-x64

10

474e106483...aN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    474e106483f1f6eb052c9b9874ec2a7db21cdf1314af51edac0f7e5b2528897aN

  • Size

    64KB

  • Sample

    241009-nh2amaxglg

  • MD5

    69304e5ac00d02ee9c03d62f0d264dd0

  • SHA1

    ec00a60986cb71b13fbf9ea32d482dbec1badef6

  • SHA256

    474e106483f1f6eb052c9b9874ec2a7db21cdf1314af51edac0f7e5b2528897a

  • SHA512

    0888808ad9b8730a636f8e4050031cf0579c78c8593138ea41036b8a0f23c75be794f282120987b13ba10fae02caad5e8a73663598c9b5f1c65d49bf3f499fc1

  • SSDEEP

    1536:y6Cw6YgqZ/EJbEBltwlLBsLnVLdGUHyNwi:VC9YJZ/jLtwlLBsLnVUUHyNwi

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      474e106483f1f6eb052c9b9874ec2a7db21cdf1314af51edac0f7e5b2528897aN

    • Size

      64KB

    • MD5

      69304e5ac00d02ee9c03d62f0d264dd0

    • SHA1

      ec00a60986cb71b13fbf9ea32d482dbec1badef6

    • SHA256

      474e106483f1f6eb052c9b9874ec2a7db21cdf1314af51edac0f7e5b2528897a

    • SHA512

      0888808ad9b8730a636f8e4050031cf0579c78c8593138ea41036b8a0f23c75be794f282120987b13ba10fae02caad5e8a73663598c9b5f1c65d49bf3f499fc1

    • SSDEEP

      1536:y6Cw6YgqZ/EJbEBltwlLBsLnVLdGUHyNwi:VC9YJZ/jLtwlLBsLnVUUHyNwi

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks