Overview

overview

10

Static

static

3

60a08b4090...cN.exe

windows7-x64

10

60a08b4090...cN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    60a08b409013164d0406030e1956711529701792cdd0822e4beeabc65f02b4ccN

  • Size

    63KB

  • Sample

    241010-h1pfwswfln

  • MD5

    425c6f11ea9eca2943c4e511242731a0

  • SHA1

    e1ee99fafac5d3e834cd5bf0afe383eba6535300

  • SHA256

    60a08b409013164d0406030e1956711529701792cdd0822e4beeabc65f02b4cc

  • SHA512

    496f38ac53d06e1f84e083f50d55e0210bbfbeed9b459707d7ae1a6a216424bab5360e2f724b918705f51e09ac691080758bd4aa5bd685f3d9fa285dd92002e5

  • SSDEEP

    768:Z3/pt+LZUtg5nAOUAOwnN/JlTedPPMeNtkM/1H5oVEhmrUTvn93b7NRDMFME3eUf:Z3/p46UATAOwnN/zqM1C+VBEn9rjDHE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      60a08b409013164d0406030e1956711529701792cdd0822e4beeabc65f02b4ccN

    • Size

      63KB

    • MD5

      425c6f11ea9eca2943c4e511242731a0

    • SHA1

      e1ee99fafac5d3e834cd5bf0afe383eba6535300

    • SHA256

      60a08b409013164d0406030e1956711529701792cdd0822e4beeabc65f02b4cc

    • SHA512

      496f38ac53d06e1f84e083f50d55e0210bbfbeed9b459707d7ae1a6a216424bab5360e2f724b918705f51e09ac691080758bd4aa5bd685f3d9fa285dd92002e5

    • SSDEEP

      768:Z3/pt+LZUtg5nAOUAOwnN/JlTedPPMeNtkM/1H5oVEhmrUTvn93b7NRDMFME3eUf:Z3/p46UATAOwnN/zqM1C+VBEn9rjDHE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks