Overview

overview

10

Static

static

3

0f83df0678...dN.exe

windows7-x64

10

0f83df0678...dN.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0f83df06780005b35b720522ddc4cab571ef8a9cbec57c79e8097b0c7ee9ad6dN

  • Size

    64KB

  • Sample

    241015-hc5g7szele

  • MD5

    b22fd71cc84da4f25079cce07c7d47b0

  • SHA1

    9b512109cdab8ac0c2f83dea7165ab3770a5c7c5

  • SHA256

    0f83df06780005b35b720522ddc4cab571ef8a9cbec57c79e8097b0c7ee9ad6d

  • SHA512

    5c8e98fcd2748a89074f66c8783bf8bfd4d4f158cd242a074065c7a56a7beeda0735cb57ca4766df8eeaecce244525e0a6eff09baf8f1a6fd65dd5025739d8d4

  • SSDEEP

    1536:gJtb2AmknJwxrHAit9AvDu2jQ1mroUEWynrPFW2iwTbW:gJtb2AmknJwxrEXclXDFW2VTbW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0f83df06780005b35b720522ddc4cab571ef8a9cbec57c79e8097b0c7ee9ad6dN

    • Size

      64KB

    • MD5

      b22fd71cc84da4f25079cce07c7d47b0

    • SHA1

      9b512109cdab8ac0c2f83dea7165ab3770a5c7c5

    • SHA256

      0f83df06780005b35b720522ddc4cab571ef8a9cbec57c79e8097b0c7ee9ad6d

    • SHA512

      5c8e98fcd2748a89074f66c8783bf8bfd4d4f158cd242a074065c7a56a7beeda0735cb57ca4766df8eeaecce244525e0a6eff09baf8f1a6fd65dd5025739d8d4

    • SSDEEP

      1536:gJtb2AmknJwxrHAit9AvDu2jQ1mroUEWynrPFW2iwTbW:gJtb2AmknJwxrEXclXDFW2VTbW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks