Overview

overview

10

Static

static

10

0712c813b1...6N.exe

windows7-x64

10

0712c813b1...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0712c813b1411d90a009f99b31518d7873ee742ff67feaff990b7294e5429906N.exe

  • Size

    224KB

  • Sample

    241120-dpfx6ayrev

  • MD5

    aac66edb964561cc54f7568b5960f510

  • SHA1

    7daa9e2d7f22a2d87b102b3b11bb778258a68d2d

  • SHA256

    0712c813b1411d90a009f99b31518d7873ee742ff67feaff990b7294e5429906

  • SHA512

    e0a8a5305de0248d3fb8ce5345c3786c00dd23864d8562e5e7e4f1d23bd1fb2a405ece0dda051a2f356492737cd598de594d6b87d19c96c74983d447b179c4be

  • SSDEEP

    3072:qO+7xMSGZU2asH1xAQqmIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDl:Kk4m4s5tTDUZNSN58VU5tTtf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0712c813b1411d90a009f99b31518d7873ee742ff67feaff990b7294e5429906N.exe

    • Size

      224KB

    • MD5

      aac66edb964561cc54f7568b5960f510

    • SHA1

      7daa9e2d7f22a2d87b102b3b11bb778258a68d2d

    • SHA256

      0712c813b1411d90a009f99b31518d7873ee742ff67feaff990b7294e5429906

    • SHA512

      e0a8a5305de0248d3fb8ce5345c3786c00dd23864d8562e5e7e4f1d23bd1fb2a405ece0dda051a2f356492737cd598de594d6b87d19c96c74983d447b179c4be

    • SSDEEP

      3072:qO+7xMSGZU2asH1xAQqmIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDl:Kk4m4s5tTDUZNSN58VU5tTtf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks