Overview

overview

10

Static

static

3

04a7c0a981...8N.exe

windows7-x64

10

04a7c0a981...8N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    04a7c0a9811504a1681227932e4c9129d79f991567d4cf050c6782c68b29c208N

  • Size

    49KB

  • Sample

    241010-hcamtsvhqn

  • MD5

    e20310ca319d982a77ea08304e3b4eb0

  • SHA1

    0d1918c10966357232180970ca7528697e75d682

  • SHA256

    04a7c0a9811504a1681227932e4c9129d79f991567d4cf050c6782c68b29c208

  • SHA512

    bc40f98e58697540a0373e91351d86506dd36868e449a3d9ee19d030997539d6401f0b2972cca546d408610a6d57923b1ac0a55fd8e8139aa1464a90faa78972

  • SSDEEP

    768:Ex9dr9pH0qIgfh5j84c1pjg4zI57hrsUqr/BFs/1H5J2Xdnh7:Ej1Igp5j8RDIx1YBIgl

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      04a7c0a9811504a1681227932e4c9129d79f991567d4cf050c6782c68b29c208N

    • Size

      49KB

    • MD5

      e20310ca319d982a77ea08304e3b4eb0

    • SHA1

      0d1918c10966357232180970ca7528697e75d682

    • SHA256

      04a7c0a9811504a1681227932e4c9129d79f991567d4cf050c6782c68b29c208

    • SHA512

      bc40f98e58697540a0373e91351d86506dd36868e449a3d9ee19d030997539d6401f0b2972cca546d408610a6d57923b1ac0a55fd8e8139aa1464a90faa78972

    • SSDEEP

      768:Ex9dr9pH0qIgfh5j84c1pjg4zI57hrsUqr/BFs/1H5J2Xdnh7:Ej1Igp5j8RDIx1YBIgl

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks