Overview

overview

10

Static

static

3

f74169e3ca...6N.exe

windows7-x64

10

f74169e3ca...6N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    f74169e3ca366c97c92615b77ecf92be32a4547169feca0475a9e018a6cf9116N

  • Size

    101KB

  • Sample

    241018-cpw4ps1bra

  • MD5

    16c5ea692e0f40bccbbd29adf35914b0

  • SHA1

    7a576c7a54ac94c1fb990cff19b0494be7cc36b8

  • SHA256

    f74169e3ca366c97c92615b77ecf92be32a4547169feca0475a9e018a6cf9116

  • SHA512

    b54782ee3c90fb4cc98582a101666dbef2ac56164b90daaa115a5c63aeab14754681bf88c1318312e447ea9ab8583ee258782b9812711ef58d5df6012b9e3e52

  • SSDEEP

    3072:ZmWwY0kq7QQl9aWQzDjduXqbyu0sY7q5AnrHY4vDX:ZmWDVq7DlXQ3o853Anr44vDX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f74169e3ca366c97c92615b77ecf92be32a4547169feca0475a9e018a6cf9116N

    • Size

      101KB

    • MD5

      16c5ea692e0f40bccbbd29adf35914b0

    • SHA1

      7a576c7a54ac94c1fb990cff19b0494be7cc36b8

    • SHA256

      f74169e3ca366c97c92615b77ecf92be32a4547169feca0475a9e018a6cf9116

    • SHA512

      b54782ee3c90fb4cc98582a101666dbef2ac56164b90daaa115a5c63aeab14754681bf88c1318312e447ea9ab8583ee258782b9812711ef58d5df6012b9e3e52

    • SSDEEP

      3072:ZmWwY0kq7QQl9aWQzDjduXqbyu0sY7q5AnrHY4vDX:ZmWDVq7DlXQ3o853Anr44vDX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks