Overview

overview

10

Static

static

10

4618025317...39.exe

windows7-x64

10

4618025317...39.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46180253173b46b63a2887b5736c4566343bbf091071924bd724b7bdf9a27d39

  • Size

    194KB

  • Sample

    241123-1tpr7aylex

  • MD5

    92cf168e22cee8d04159013f5b3edf44

  • SHA1

    7ea8e8e7475ef4efd99488a4b6bb0bb5cb2c0450

  • SHA256

    46180253173b46b63a2887b5736c4566343bbf091071924bd724b7bdf9a27d39

  • SHA512

    08336c5fc4e015e30ab613dfddb2fc4fb8ecb133d95645eae95ca3ef85a78920d961811120b68257ef0a9cbb65a2fecd6b6a2ce1532ad61adf6cca820349d0bf

  • SSDEEP

    3072:bDjLIZb8QCDQSTJQmMIM/kEmMIGumMIc/1GV:PHIkFQ5/pbuh/UV

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      46180253173b46b63a2887b5736c4566343bbf091071924bd724b7bdf9a27d39

    • Size

      194KB

    • MD5

      92cf168e22cee8d04159013f5b3edf44

    • SHA1

      7ea8e8e7475ef4efd99488a4b6bb0bb5cb2c0450

    • SHA256

      46180253173b46b63a2887b5736c4566343bbf091071924bd724b7bdf9a27d39

    • SHA512

      08336c5fc4e015e30ab613dfddb2fc4fb8ecb133d95645eae95ca3ef85a78920d961811120b68257ef0a9cbb65a2fecd6b6a2ce1532ad61adf6cca820349d0bf

    • SSDEEP

      3072:bDjLIZb8QCDQSTJQmMIM/kEmMIGumMIc/1GV:PHIkFQ5/pbuh/UV

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks