Overview

overview

10

Static

static

3

1ebf48c60a...8N.exe

windows7-x64

10

1ebf48c60a...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1ebf48c60acedf24cc450d865bc5824730a4d1d74687e4c639e3f1c263ef07b8N.exe

  • Size

    194KB

  • Sample

    241119-thttfaxhqb

  • MD5

    b0ced8f6081b51fd6c92dfd8c5a7a670

  • SHA1

    b73b7706de4f08ca9aa697678af0767ba3b15de2

  • SHA256

    1ebf48c60acedf24cc450d865bc5824730a4d1d74687e4c639e3f1c263ef07b8

  • SHA512

    e2901ba7c24425ef23c5706d46df81c187d0c257aea179d43921fbee12dd5576bbddd8395ae1ca491a6b10121e59cfc4b518c99666eeaea667b8c21c152db255

  • SSDEEP

    6144:kwBtLDbXwqC+QdSfUNRbCeKpNYxWlJ7mkD6pNY:k+LDTwq

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1ebf48c60acedf24cc450d865bc5824730a4d1d74687e4c639e3f1c263ef07b8N.exe

    • Size

      194KB

    • MD5

      b0ced8f6081b51fd6c92dfd8c5a7a670

    • SHA1

      b73b7706de4f08ca9aa697678af0767ba3b15de2

    • SHA256

      1ebf48c60acedf24cc450d865bc5824730a4d1d74687e4c639e3f1c263ef07b8

    • SHA512

      e2901ba7c24425ef23c5706d46df81c187d0c257aea179d43921fbee12dd5576bbddd8395ae1ca491a6b10121e59cfc4b518c99666eeaea667b8c21c152db255

    • SSDEEP

      6144:kwBtLDbXwqC+QdSfUNRbCeKpNYxWlJ7mkD6pNY:k+LDTwq

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks