Overview

overview

10

Static

static

3

b69d74a3e6...44.exe

windows7-x64

10

b69d74a3e6...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b69d74a3e6b3832949f1992788bddc03843624a5c6f0a998a3054fd14e29c444

  • Size

    92KB

  • Sample

    241123-c9g6aasmgj

  • MD5

    6bc24f872b81b04dee69ba703aa18dd5

  • SHA1

    15b4923ec268f6c5fad382099a91bbf5a84bac73

  • SHA256

    b69d74a3e6b3832949f1992788bddc03843624a5c6f0a998a3054fd14e29c444

  • SHA512

    7a3c4b119bd3ec5f60d15557e144c01054c101f52b88ae2f2f001c73338646f8f7204fa7d0dfde9dfb17431f72ae36c0073905b8b958c1f15a1af01df1eb8d3c

  • SSDEEP

    1536:0XXOW+bjpwz4SAAIl/HFL762YVepJJZIcqID59KOJk24VEI4Lar/ju7JCB:YAbdwz7+FlL76be/nIcqIOOJF4EISi/7

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b69d74a3e6b3832949f1992788bddc03843624a5c6f0a998a3054fd14e29c444

    • Size

      92KB

    • MD5

      6bc24f872b81b04dee69ba703aa18dd5

    • SHA1

      15b4923ec268f6c5fad382099a91bbf5a84bac73

    • SHA256

      b69d74a3e6b3832949f1992788bddc03843624a5c6f0a998a3054fd14e29c444

    • SHA512

      7a3c4b119bd3ec5f60d15557e144c01054c101f52b88ae2f2f001c73338646f8f7204fa7d0dfde9dfb17431f72ae36c0073905b8b958c1f15a1af01df1eb8d3c

    • SSDEEP

      1536:0XXOW+bjpwz4SAAIl/HFL762YVepJJZIcqID59KOJk24VEI4Lar/ju7JCB:YAbdwz7+FlL76be/nIcqIOOJF4EISi/7

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks