Overview

overview

10

Static

static

3

288b0a16cf...5N.exe

windows7-x64

10

288b0a16cf...5N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    288b0a16cf9d93b87247458dc9a9e1a62e5836cc9f0ba605b15af2b5e1e3fbf5N

  • Size

    45KB

  • Sample

    241018-bmewzazhnm

  • MD5

    62123c4885ca1c8e92038bf0079c4150

  • SHA1

    7e83376b8c30095ccbc5030c7e4ea875bac4c45d

  • SHA256

    288b0a16cf9d93b87247458dc9a9e1a62e5836cc9f0ba605b15af2b5e1e3fbf5

  • SHA512

    bafd954a809f5c63a8169755242568672d425359b58078adb07ec23cccf07b9e9047558c917310063b350032304b99691c6503ba7f56d5df4bf19292da2b37e4

  • SSDEEP

    768:O32H9UDhc2NHtYo7kO6lwwWuxkq24m0CaHYBCFiX/1H5ti:O32H9eiOngZWuxhmAFqji

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      288b0a16cf9d93b87247458dc9a9e1a62e5836cc9f0ba605b15af2b5e1e3fbf5N

    • Size

      45KB

    • MD5

      62123c4885ca1c8e92038bf0079c4150

    • SHA1

      7e83376b8c30095ccbc5030c7e4ea875bac4c45d

    • SHA256

      288b0a16cf9d93b87247458dc9a9e1a62e5836cc9f0ba605b15af2b5e1e3fbf5

    • SHA512

      bafd954a809f5c63a8169755242568672d425359b58078adb07ec23cccf07b9e9047558c917310063b350032304b99691c6503ba7f56d5df4bf19292da2b37e4

    • SSDEEP

      768:O32H9UDhc2NHtYo7kO6lwwWuxkq24m0CaHYBCFiX/1H5ti:O32H9eiOngZWuxhmAFqji

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks