Overview

overview

10

Static

static

3

0724b0b010...06.exe

windows7-x64

10

0724b0b010...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0724b0b0108cc86125ef19dfc321b046bec40dc5e11df60f1a84268ef980f706.exe

  • Size

    84KB

  • Sample

    241119-xgrjgavnam

  • MD5

    6dda0ed178dd32eaaf83e54c132ff9a2

  • SHA1

    727a8ad9d848d8bb91d2f3cbb966ee55851c7e89

  • SHA256

    0724b0b0108cc86125ef19dfc321b046bec40dc5e11df60f1a84268ef980f706

  • SHA512

    7493584f80e0836780b6a1ed79c4d0f5602665338bc8bc0f2ae68b6c85d6a9abc21290fc8084243bae38e155f49fd8ef340eac995967e6a5b8cd5ef5c6e2d0ea

  • SSDEEP

    1536:7QGG4nP8Y6dW1jGoCz0ik8P0XSREXHfVPfMVwNKT1iqWUPGc4T7VLn:7JRnOdW1zCQijP0CREXdXNKT1ntPG9pT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0724b0b0108cc86125ef19dfc321b046bec40dc5e11df60f1a84268ef980f706.exe

    • Size

      84KB

    • MD5

      6dda0ed178dd32eaaf83e54c132ff9a2

    • SHA1

      727a8ad9d848d8bb91d2f3cbb966ee55851c7e89

    • SHA256

      0724b0b0108cc86125ef19dfc321b046bec40dc5e11df60f1a84268ef980f706

    • SHA512

      7493584f80e0836780b6a1ed79c4d0f5602665338bc8bc0f2ae68b6c85d6a9abc21290fc8084243bae38e155f49fd8ef340eac995967e6a5b8cd5ef5c6e2d0ea

    • SSDEEP

      1536:7QGG4nP8Y6dW1jGoCz0ik8P0XSREXHfVPfMVwNKT1iqWUPGc4T7VLn:7JRnOdW1zCQijP0CREXdXNKT1ntPG9pT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks