Overview

overview

10

Static

static

10

92308c18be...2N.exe

windows7-x64

10

92308c18be...2N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    92308c18bea7ccdf8255fe8ac5d7a4390e7ccbc992d701190a01c15dcefdf122N

  • Size

    128KB

  • Sample

    241010-cs4yqaveld

  • MD5

    f449b00c55e839421fd75780a6683df0

  • SHA1

    d42e2aabd80ae0a61ca11f021c19c241b8b25aa5

  • SHA256

    92308c18bea7ccdf8255fe8ac5d7a4390e7ccbc992d701190a01c15dcefdf122

  • SHA512

    a06c2c482cb243b39158c04b8be99b549aef289000e39bbdc6a405ba6fea1263572ab351f77c06cc5c43a96773efe12a7111ec97b42bfc885bd76f08e04ab597

  • SSDEEP

    1536:En0h2lPmS+Je+UN8mfYE1RMfQffaaajpxCQSQjILQ9FKGXllUDtM60TD4ruhiZls:vJdnmgEYPRKG7UDd0pCrQIFdFtLQ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      92308c18bea7ccdf8255fe8ac5d7a4390e7ccbc992d701190a01c15dcefdf122N

    • Size

      128KB

    • MD5

      f449b00c55e839421fd75780a6683df0

    • SHA1

      d42e2aabd80ae0a61ca11f021c19c241b8b25aa5

    • SHA256

      92308c18bea7ccdf8255fe8ac5d7a4390e7ccbc992d701190a01c15dcefdf122

    • SHA512

      a06c2c482cb243b39158c04b8be99b549aef289000e39bbdc6a405ba6fea1263572ab351f77c06cc5c43a96773efe12a7111ec97b42bfc885bd76f08e04ab597

    • SSDEEP

      1536:En0h2lPmS+Je+UN8mfYE1RMfQffaaajpxCQSQjILQ9FKGXllUDtM60TD4ruhiZls:vJdnmgEYPRKG7UDd0pCrQIFdFtLQ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks