Overview

overview

10

Static

static

3

374647429e...18.exe

windows7-x64

10

374647429e...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    374647429e9db2cc263ff386fd76504c_JaffaCakes118

  • Size

    45KB

  • Sample

    241011-25acbayhkb

  • MD5

    374647429e9db2cc263ff386fd76504c

  • SHA1

    c22c7c3638c6537b88e4512fbebb7db17ead9f30

  • SHA256

    e4a2ee81dba4c9a8da2e504971435147e0ad5b70aeb61a6e8cf6b89e52376cdb

  • SHA512

    4b06ecf57fde93da92920f477d21cddca881dae44b779f194e9d30a91589245a60eb8512bcaf6de6be8691ae12b103db8833ccdca69fa82c824a2af24bbcdb2b

  • SSDEEP

    768:eSz26aCzlZWKnsf0hWQqT3f3Yk4rUUUvfdCCrqFR+F3/1H5:eSz2jCp87cmfIk4rUUUvf7ryR+FJ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq2.php

http://luk-oil.ru/wcmd.htm

Targets

    • Target

      374647429e9db2cc263ff386fd76504c_JaffaCakes118

    • Size

      45KB

    • MD5

      374647429e9db2cc263ff386fd76504c

    • SHA1

      c22c7c3638c6537b88e4512fbebb7db17ead9f30

    • SHA256

      e4a2ee81dba4c9a8da2e504971435147e0ad5b70aeb61a6e8cf6b89e52376cdb

    • SHA512

      4b06ecf57fde93da92920f477d21cddca881dae44b779f194e9d30a91589245a60eb8512bcaf6de6be8691ae12b103db8833ccdca69fa82c824a2af24bbcdb2b

    • SSDEEP

      768:eSz26aCzlZWKnsf0hWQqT3f3Yk4rUUUvfdCCrqFR+F3/1H5:eSz2jCp87cmfIk4rUUUvf7ryR+FJ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks