Overview

overview

10

Static

static

3

4f7d42e41b...9a.exe

windows7-x64

10

4f7d42e41b...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f7d42e41b84085abd6585aca01d0d7f474c29e51243317bed2a789b398da79a.exe

  • Size

    77KB

  • Sample

    241119-na5cbavdrd

  • MD5

    bb679948671fd2b85d044b66ad269e85

  • SHA1

    9ef98d239cf1ffab611e3ab1685e2f54897e99d7

  • SHA256

    4f7d42e41b84085abd6585aca01d0d7f474c29e51243317bed2a789b398da79a

  • SHA512

    e69b17e7a18af868416a1de9d2b816f38a9d3746fe2752ee80a6f12b684239bf10391f6bc0b34d67f96ea85efbacebe56991182a07f356b5895796b2e274e4eb

  • SSDEEP

    1536:gWPiCOQ7LtHW6V71037cyNpthRYG7p+QO617DWkZFfScD7SzCbHWrAWC:gWP9HW6V1037cyNpt0G7p+QOuGkZFfFd

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      4f7d42e41b84085abd6585aca01d0d7f474c29e51243317bed2a789b398da79a.exe

    • Size

      77KB

    • MD5

      bb679948671fd2b85d044b66ad269e85

    • SHA1

      9ef98d239cf1ffab611e3ab1685e2f54897e99d7

    • SHA256

      4f7d42e41b84085abd6585aca01d0d7f474c29e51243317bed2a789b398da79a

    • SHA512

      e69b17e7a18af868416a1de9d2b816f38a9d3746fe2752ee80a6f12b684239bf10391f6bc0b34d67f96ea85efbacebe56991182a07f356b5895796b2e274e4eb

    • SSDEEP

      1536:gWPiCOQ7LtHW6V71037cyNpthRYG7p+QO617DWkZFfScD7SzCbHWrAWC:gWP9HW6V1037cyNpt0G7p+QOuGkZFfFd

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks