Overview

overview

10

Static

static

3

817ae77549...bN.exe

windows7-x64

10

817ae77549...bN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    817ae7754996936e787acd5cee61e3d6bd2d1932e48e40805cd9d0ada6dd9e0bN

  • Size

    52KB

  • Sample

    241012-e1mqhsxfmn

  • MD5

    62fc5405bc3e8b6ebe824145e4341830

  • SHA1

    3765c24ece88397fcd5ed3fa752a475235f39b0a

  • SHA256

    817ae7754996936e787acd5cee61e3d6bd2d1932e48e40805cd9d0ada6dd9e0b

  • SHA512

    d925db610817324db3af058293628da5169f55698867c2443c32e34c33148f880316d7ff4ae91334a64a98d0d59240fd9a44d1279eec545aa2c303e52ff7ca53

  • SSDEEP

    768:nQakMHCyQaJ/8+Oy9zcRvDR16jVrrTaaTtQ/1H5F/scMABvKWe:nQa92aZ8C9uvDrAtTaaYJMAdKZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      817ae7754996936e787acd5cee61e3d6bd2d1932e48e40805cd9d0ada6dd9e0bN

    • Size

      52KB

    • MD5

      62fc5405bc3e8b6ebe824145e4341830

    • SHA1

      3765c24ece88397fcd5ed3fa752a475235f39b0a

    • SHA256

      817ae7754996936e787acd5cee61e3d6bd2d1932e48e40805cd9d0ada6dd9e0b

    • SHA512

      d925db610817324db3af058293628da5169f55698867c2443c32e34c33148f880316d7ff4ae91334a64a98d0d59240fd9a44d1279eec545aa2c303e52ff7ca53

    • SSDEEP

      768:nQakMHCyQaJ/8+Oy9zcRvDR16jVrrTaaTtQ/1H5F/scMABvKWe:nQa92aZ8C9uvDrAtTaaYJMAdKZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks