Overview

overview

10

Static

static

3

70ebddedda...cN.exe

windows7-x64

10

70ebddedda...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    70ebddeddae1351fedb56932b99d4ee7c570284d95170960581c26e781e6572cN

  • Size

    45KB

  • Sample

    241018-hs1tyswdrr

  • MD5

    84f25b016e7917b2c50eb1e566963040

  • SHA1

    3093a79d00feb0824a8e59a653300027671dd536

  • SHA256

    70ebddeddae1351fedb56932b99d4ee7c570284d95170960581c26e781e6572c

  • SHA512

    4ae57cb4c4f91e88f0f8fe09ecc371e5049f8bda1c74f31ef2f4cd83c6892dfacf1e39df606bd075d3ac75eb4f74fd3ae478e15d73d1eaef734c484f9d3449e6

  • SSDEEP

    768:gWpAKbtmGQt6BFoqciGEs0oRVzb06L3lg8qxcF4UMbTTfh49H4YqL/1H5Z:g9KY+1GEspvgvbHGoT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      70ebddeddae1351fedb56932b99d4ee7c570284d95170960581c26e781e6572cN

    • Size

      45KB

    • MD5

      84f25b016e7917b2c50eb1e566963040

    • SHA1

      3093a79d00feb0824a8e59a653300027671dd536

    • SHA256

      70ebddeddae1351fedb56932b99d4ee7c570284d95170960581c26e781e6572c

    • SHA512

      4ae57cb4c4f91e88f0f8fe09ecc371e5049f8bda1c74f31ef2f4cd83c6892dfacf1e39df606bd075d3ac75eb4f74fd3ae478e15d73d1eaef734c484f9d3449e6

    • SSDEEP

      768:gWpAKbtmGQt6BFoqciGEs0oRVzb06L3lg8qxcF4UMbTTfh49H4YqL/1H5Z:g9KY+1GEspvgvbHGoT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks