Overview

overview

10

Static

static

3

957420d8d1...7N.exe

windows7-x64

10

957420d8d1...7N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    957420d8d12865256fc2340a0ab08d2e26c75aba6c22ee7f3406734b103e1617N

  • Size

    69KB

  • Sample

    241013-sbp18ssdjg

  • MD5

    b94dabff6c10286580a46e2d9d16e940

  • SHA1

    051978fc73c88996d7e27c9465ad3b5c7b67c885

  • SHA256

    957420d8d12865256fc2340a0ab08d2e26c75aba6c22ee7f3406734b103e1617

  • SHA512

    71afe70be7487177fbb856dfe9515ad2761e349775c66a01e1c8b8b3ab42757b83a64761a08fe155b8cf5bd7e0bb0c7cd762d26b9daa9698bce7b3a510a3015b

  • SSDEEP

    1536:QO2bOacz0N8GIHmOyxCqJ2HNein/GFZCeDAyY:Q/8ZmO5qAHNFn/GFZC1yY

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      957420d8d12865256fc2340a0ab08d2e26c75aba6c22ee7f3406734b103e1617N

    • Size

      69KB

    • MD5

      b94dabff6c10286580a46e2d9d16e940

    • SHA1

      051978fc73c88996d7e27c9465ad3b5c7b67c885

    • SHA256

      957420d8d12865256fc2340a0ab08d2e26c75aba6c22ee7f3406734b103e1617

    • SHA512

      71afe70be7487177fbb856dfe9515ad2761e349775c66a01e1c8b8b3ab42757b83a64761a08fe155b8cf5bd7e0bb0c7cd762d26b9daa9698bce7b3a510a3015b

    • SSDEEP

      1536:QO2bOacz0N8GIHmOyxCqJ2HNein/GFZCeDAyY:Q/8ZmO5qAHNFn/GFZC1yY

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks