Overview

overview

10

Static

static

3

a4df4a76b0...46.exe

windows7-x64

10

a4df4a76b0...46.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4df4a76b05817cd34e3a119aff928079764a8c824d5675768bed67892f37d46.exe

  • Size

    380KB

  • Sample

    241120-fgzfmssbqk

  • MD5

    9dd98b5ab6de19ebdbe4da04e3269109

  • SHA1

    17f31c84a4a7685f9d1cd2f5b038b6385bdecaa0

  • SHA256

    a4df4a76b05817cd34e3a119aff928079764a8c824d5675768bed67892f37d46

  • SHA512

    5dcaa77bebaa04608e7ebb45cefdcb642e8c53f00095cc24cd540978e88ba38829591e9a2f24a5eac6ebff40c78bc225c7207fdc2334147f30c135c6f44a856e

  • SSDEEP

    6144:hvCgHCN9Otopg5tTDUZNSN58VU5tTvnVn5tTDUZNSN58VT:hCzOtoq5t6NSN6G5tbt5t6NSN6p

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a4df4a76b05817cd34e3a119aff928079764a8c824d5675768bed67892f37d46.exe

    • Size

      380KB

    • MD5

      9dd98b5ab6de19ebdbe4da04e3269109

    • SHA1

      17f31c84a4a7685f9d1cd2f5b038b6385bdecaa0

    • SHA256

      a4df4a76b05817cd34e3a119aff928079764a8c824d5675768bed67892f37d46

    • SHA512

      5dcaa77bebaa04608e7ebb45cefdcb642e8c53f00095cc24cd540978e88ba38829591e9a2f24a5eac6ebff40c78bc225c7207fdc2334147f30c135c6f44a856e

    • SSDEEP

      6144:hvCgHCN9Otopg5tTDUZNSN58VU5tTvnVn5tTDUZNSN58VT:hCzOtoq5t6NSN6G5tbt5t6NSN6p

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks