Overview

overview

10

Static

static

3

94cfbb7fcd...2N.exe

windows7-x64

10

94cfbb7fcd...2N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94cfbb7fcdd463921440465fe15e147244ec09155324186d16eb7bfa70f2b302N

  • Size

    67KB

  • Sample

    241012-kqmwessdrf

  • MD5

    6c71650f93b7667f679988f8d417c8f0

  • SHA1

    745f1ca6894f0123813de621b18aa46f46bf7dca

  • SHA256

    94cfbb7fcdd463921440465fe15e147244ec09155324186d16eb7bfa70f2b302

  • SHA512

    4acc98c35d1a75701ae7ba248dfac71b332c556b8767e901c8ed7f9069cf120aefb666f5f8d0041b47fa249f2b372f0fe9b175ab5cc12c70b970d06972f9fdc9

  • SSDEEP

    1536:h29uP13gZd7R4N5inOh9KsJifTduD4oTxw:Iu3q18NKsJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      94cfbb7fcdd463921440465fe15e147244ec09155324186d16eb7bfa70f2b302N

    • Size

      67KB

    • MD5

      6c71650f93b7667f679988f8d417c8f0

    • SHA1

      745f1ca6894f0123813de621b18aa46f46bf7dca

    • SHA256

      94cfbb7fcdd463921440465fe15e147244ec09155324186d16eb7bfa70f2b302

    • SHA512

      4acc98c35d1a75701ae7ba248dfac71b332c556b8767e901c8ed7f9069cf120aefb666f5f8d0041b47fa249f2b372f0fe9b175ab5cc12c70b970d06972f9fdc9

    • SSDEEP

      1536:h29uP13gZd7R4N5inOh9KsJifTduD4oTxw:Iu3q18NKsJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks