Overview

overview

10

Static

static

3

0bd13b0482...5N.exe

windows7-x64

10

0bd13b0482...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0bd13b0482d2d71edccf5d2b671e796b85697b254421b6154ac1be1cc06c1285N

  • Size

    45KB

  • Sample

    241014-dshadsxbje

  • MD5

    b70ace53d3761da7d3b61541d98f1300

  • SHA1

    565828870fdf74dbe37fce5330bed2ce97078c34

  • SHA256

    0bd13b0482d2d71edccf5d2b671e796b85697b254421b6154ac1be1cc06c1285

  • SHA512

    03e77aa8936583e9e21c11d3725b669f73a245f3b1fa26d2912ace8d304b8b825ad97d999e1b7e9629da06751f38902fba7f9127344113bbcf10e57b649354c7

  • SSDEEP

    768:MXHc7IizjiAhTrnoLL49pbDXT4yixf26ploBGYQcf/1H5V:+8kifhTrn4L49pbDcyMfxwicxn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0bd13b0482d2d71edccf5d2b671e796b85697b254421b6154ac1be1cc06c1285N

    • Size

      45KB

    • MD5

      b70ace53d3761da7d3b61541d98f1300

    • SHA1

      565828870fdf74dbe37fce5330bed2ce97078c34

    • SHA256

      0bd13b0482d2d71edccf5d2b671e796b85697b254421b6154ac1be1cc06c1285

    • SHA512

      03e77aa8936583e9e21c11d3725b669f73a245f3b1fa26d2912ace8d304b8b825ad97d999e1b7e9629da06751f38902fba7f9127344113bbcf10e57b649354c7

    • SSDEEP

      768:MXHc7IizjiAhTrnoLL49pbDXT4yixf26ploBGYQcf/1H5V:+8kifhTrn4L49pbDcyMfxwicxn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks