Overview

overview

10

Static

static

10

c0fc0f8dfe...02.exe

windows7-x64

10

c0fc0f8dfe...02.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c0fc0f8dfe1932ea169df30c87fd7377cb1f2f3abc6d09b2e68212bb3b411202

  • Size

    101KB

  • Sample

    241018-c5lmxaveqp

  • MD5

    b6ca3fbe316f5d4343cb0d4c5eeb89a3

  • SHA1

    6e6a84c216285047930e347a1b8f7508fa31f6b5

  • SHA256

    c0fc0f8dfe1932ea169df30c87fd7377cb1f2f3abc6d09b2e68212bb3b411202

  • SHA512

    61626ce009acba52660799daa99276600e5e93b2cb146da2b726106a8a0daa8d0afe2497ec7e528b1114cfc2bda0d5ff33c3e299e2a12230f445cc6f657f1b10

  • SSDEEP

    1536:eejv2oW74uM5dNlAay1+zXtuXqbyNXrg0sZS7qlDABU8B9HYcJvDX:eeBAay1IduXqbyu0sY7q5AnrHY4vDX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c0fc0f8dfe1932ea169df30c87fd7377cb1f2f3abc6d09b2e68212bb3b411202

    • Size

      101KB

    • MD5

      b6ca3fbe316f5d4343cb0d4c5eeb89a3

    • SHA1

      6e6a84c216285047930e347a1b8f7508fa31f6b5

    • SHA256

      c0fc0f8dfe1932ea169df30c87fd7377cb1f2f3abc6d09b2e68212bb3b411202

    • SHA512

      61626ce009acba52660799daa99276600e5e93b2cb146da2b726106a8a0daa8d0afe2497ec7e528b1114cfc2bda0d5ff33c3e299e2a12230f445cc6f657f1b10

    • SSDEEP

      1536:eejv2oW74uM5dNlAay1+zXtuXqbyNXrg0sZS7qlDABU8B9HYcJvDX:eeBAay1IduXqbyu0sY7q5AnrHY4vDX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks