Overview

overview

10

Static

static

3

20bb662271...0N.exe

windows7-x64

10

20bb662271...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    20bb662271aa61ba904e79b354dda2fdd14732343b7bc10ac060960475e495d0N

  • Size

    45KB

  • Sample

    241012-skydzawhqd

  • MD5

    2c4b5f3ccb34d0460908bca9a305e060

  • SHA1

    7fd0e88e141ce746454c292b4cec1bb295a40847

  • SHA256

    20bb662271aa61ba904e79b354dda2fdd14732343b7bc10ac060960475e495d0

  • SHA512

    e60b2a43c81702d2ddd5d2658a90d48a0d30c7456597866112fd2e970467339ccb8dd57a065b6be7269cfa1edbab02e93939fee770e61be05247ecd93c2b4fe8

  • SSDEEP

    768:4wXDi5XWEve0nkrYIe/oD0OGGNwuoZbeV13x9fM4iKM55aCI/1H5m:uXWEvxnKooPGJuoEBMCM55aFM

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      20bb662271aa61ba904e79b354dda2fdd14732343b7bc10ac060960475e495d0N

    • Size

      45KB

    • MD5

      2c4b5f3ccb34d0460908bca9a305e060

    • SHA1

      7fd0e88e141ce746454c292b4cec1bb295a40847

    • SHA256

      20bb662271aa61ba904e79b354dda2fdd14732343b7bc10ac060960475e495d0

    • SHA512

      e60b2a43c81702d2ddd5d2658a90d48a0d30c7456597866112fd2e970467339ccb8dd57a065b6be7269cfa1edbab02e93939fee770e61be05247ecd93c2b4fe8

    • SSDEEP

      768:4wXDi5XWEve0nkrYIe/oD0OGGNwuoZbeV13x9fM4iKM55aCI/1H5m:uXWEvxnKooPGJuoEBMCM55aFM

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks