Overview

overview

10

Static

static

3

55f9ec203d...6N.exe

windows7-x64

10

55f9ec203d...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55f9ec203df4cf7bded5c95542b96fe9ef1b6c122f187c1a915a924309d6fa86N

  • Size

    67KB

  • Sample

    241010-qdw68axbjf

  • MD5

    cfaed035008fcc21b5b637456c7f0c00

  • SHA1

    674cddd203bcdbb88001b1c4ad3b47b2f405d18a

  • SHA256

    55f9ec203df4cf7bded5c95542b96fe9ef1b6c122f187c1a915a924309d6fa86

  • SHA512

    669fe1fc9aa14aaa1efdcc7f5547cb0b8aa4c44fe29b384409c68fbe6bf1aadcdf938a328c89ec3a2a50c315ee81abe851e4e518a57a1c4cbb2680dd66360c93

  • SSDEEP

    1536:qoJoMVqSypivzgRAc4Z2UZTfysJifTduD4oTxw:qoeDQgUBysJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      55f9ec203df4cf7bded5c95542b96fe9ef1b6c122f187c1a915a924309d6fa86N

    • Size

      67KB

    • MD5

      cfaed035008fcc21b5b637456c7f0c00

    • SHA1

      674cddd203bcdbb88001b1c4ad3b47b2f405d18a

    • SHA256

      55f9ec203df4cf7bded5c95542b96fe9ef1b6c122f187c1a915a924309d6fa86

    • SHA512

      669fe1fc9aa14aaa1efdcc7f5547cb0b8aa4c44fe29b384409c68fbe6bf1aadcdf938a328c89ec3a2a50c315ee81abe851e4e518a57a1c4cbb2680dd66360c93

    • SSDEEP

      1536:qoJoMVqSypivzgRAc4Z2UZTfysJifTduD4oTxw:qoeDQgUBysJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks