Overview

overview

10

Static

static

3

9be9af8aab...aN.exe

windows7-x64

10

9be9af8aab...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9be9af8aab87d2b53ba1f002ccdd7756909a6ccd6e34b4a24ad76f5e9ae31f2aN.exe

  • Size

    91KB

  • Sample

    241119-rkvseawqfx

  • MD5

    9bd151f14baa9bc27f7964ed2010ef60

  • SHA1

    604c056fe84e27ae0543e637ca405e2a21fc0d5b

  • SHA256

    9be9af8aab87d2b53ba1f002ccdd7756909a6ccd6e34b4a24ad76f5e9ae31f2a

  • SHA512

    39b185cee721d7ebd21ef778edc2b3ab59f5f1a4d86d300369110693f2279c04f8bc4564a1a0f81c2e609927fde437a5ca16d8ea06617a94b95ca04f1f065543

  • SSDEEP

    1536:f1DRaQnNnXkPuY9wEN2TlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45JO:ftRln1G9w82TlLBsLnVUUHyNwtN4/nEG

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9be9af8aab87d2b53ba1f002ccdd7756909a6ccd6e34b4a24ad76f5e9ae31f2aN.exe

    • Size

      91KB

    • MD5

      9bd151f14baa9bc27f7964ed2010ef60

    • SHA1

      604c056fe84e27ae0543e637ca405e2a21fc0d5b

    • SHA256

      9be9af8aab87d2b53ba1f002ccdd7756909a6ccd6e34b4a24ad76f5e9ae31f2a

    • SHA512

      39b185cee721d7ebd21ef778edc2b3ab59f5f1a4d86d300369110693f2279c04f8bc4564a1a0f81c2e609927fde437a5ca16d8ea06617a94b95ca04f1f065543

    • SSDEEP

      1536:f1DRaQnNnXkPuY9wEN2TlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45JO:ftRln1G9w82TlLBsLnVUUHyNwtN4/nEG

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks