Overview

overview

10

Static

static

3

fac721a1b0...95.exe

windows7-x64

10

fac721a1b0...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fac721a1b0c0cc31e966620ca6aee6a4132d4b9e48499971f6b9e3c116043395

  • Size

    84KB

  • Sample

    241123-f8m7pazjdt

  • MD5

    e552e83cc99fca4404233ce5ddd4c143

  • SHA1

    a87253db6281b898f43a41e0978b3d7c31f2a7a1

  • SHA256

    fac721a1b0c0cc31e966620ca6aee6a4132d4b9e48499971f6b9e3c116043395

  • SHA512

    ae6752d4301ee6e212ffe81cba57fe936ca8b871fd3db1397cd86a7b1a63aa9938e751cbe8d497fdcebb5aad4d1ed9750dfe3518d77bee996cd6562546340418

  • SSDEEP

    1536:b/5ms1dxOseE4qcKt9pP8TfLoCDPz/r3jv8jETXSREXHfVPfMVwNKT1iqWUPGc4J:b95O2t9pETfLXDPz/r3jvCETCREXdXNp

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      fac721a1b0c0cc31e966620ca6aee6a4132d4b9e48499971f6b9e3c116043395

    • Size

      84KB

    • MD5

      e552e83cc99fca4404233ce5ddd4c143

    • SHA1

      a87253db6281b898f43a41e0978b3d7c31f2a7a1

    • SHA256

      fac721a1b0c0cc31e966620ca6aee6a4132d4b9e48499971f6b9e3c116043395

    • SHA512

      ae6752d4301ee6e212ffe81cba57fe936ca8b871fd3db1397cd86a7b1a63aa9938e751cbe8d497fdcebb5aad4d1ed9750dfe3518d77bee996cd6562546340418

    • SSDEEP

      1536:b/5ms1dxOseE4qcKt9pP8TfLoCDPz/r3jv8jETXSREXHfVPfMVwNKT1iqWUPGc4J:b95O2t9pETfLXDPz/r3jvCETCREXdXNp

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks