Overview

overview

10

Static

static

3

1c9fc0db70...b9.exe

windows7-x64

10

1c9fc0db70...b9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c9fc0db70ad59170d6cb8fbb179cc797317085c5a6c2d46dae367ca54719fb9.exe

  • Size

    97KB

  • Sample

    241119-nzj3nsvqct

  • MD5

    c982d4ca9692b77cbbf55075c369f4f6

  • SHA1

    50dc10bb3292dcb8facef66fd01492cb590280b4

  • SHA256

    1c9fc0db70ad59170d6cb8fbb179cc797317085c5a6c2d46dae367ca54719fb9

  • SHA512

    049344cfbca3bc8c420c0835ccf570c730a7cc804e0936496f8a5d0a3746aeb8c37a1013d0c8b381bed05fed9cb1456e689548c9f6d89e501ef7d050a3cb0dab

  • SSDEEP

    1536:uHMFw5VQg257h2R3Fs2dLpvi9CdQ10Q04UX+WhtOXUwXfzwE57pvJXeYZq:uqmh3pvi9CdQahwPzwm7pJXeKq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1c9fc0db70ad59170d6cb8fbb179cc797317085c5a6c2d46dae367ca54719fb9.exe

    • Size

      97KB

    • MD5

      c982d4ca9692b77cbbf55075c369f4f6

    • SHA1

      50dc10bb3292dcb8facef66fd01492cb590280b4

    • SHA256

      1c9fc0db70ad59170d6cb8fbb179cc797317085c5a6c2d46dae367ca54719fb9

    • SHA512

      049344cfbca3bc8c420c0835ccf570c730a7cc804e0936496f8a5d0a3746aeb8c37a1013d0c8b381bed05fed9cb1456e689548c9f6d89e501ef7d050a3cb0dab

    • SSDEEP

      1536:uHMFw5VQg257h2R3Fs2dLpvi9CdQ10Q04UX+WhtOXUwXfzwE57pvJXeYZq:uqmh3pvi9CdQahwPzwm7pJXeKq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks