Overview

overview

10

Static

static

3

a91fd5ef58...78.exe

windows7-x64

10

a91fd5ef58...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a91fd5ef582e8bca09244e4f67f367fd7bae14f6734d97691305cf838faa1678.exe

  • Size

    45KB

  • Sample

    241123-ntg15azrck

  • MD5

    9c500914eaaec24ee2913673684f7074

  • SHA1

    ced061073e4bd23dc0693e2d60633a1d136a8ccf

  • SHA256

    a91fd5ef582e8bca09244e4f67f367fd7bae14f6734d97691305cf838faa1678

  • SHA512

    7852c24edd4cc2abb7c3e1fb0cfa0a1fa8c9a246bc3b323d2395197402a67defaac971f18c481926647bf06d797c9303aa9c2d5d3c459eb12adf4b15dcb43c4f

  • SSDEEP

    768:ezeRM9VRTt2FpdgZCdsqt/er0TI5Xky359OT79i7z0vIMnu3/1H5w:ezem9VRTt2Fpd2Tb34lASuJm

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a91fd5ef582e8bca09244e4f67f367fd7bae14f6734d97691305cf838faa1678.exe

    • Size

      45KB

    • MD5

      9c500914eaaec24ee2913673684f7074

    • SHA1

      ced061073e4bd23dc0693e2d60633a1d136a8ccf

    • SHA256

      a91fd5ef582e8bca09244e4f67f367fd7bae14f6734d97691305cf838faa1678

    • SHA512

      7852c24edd4cc2abb7c3e1fb0cfa0a1fa8c9a246bc3b323d2395197402a67defaac971f18c481926647bf06d797c9303aa9c2d5d3c459eb12adf4b15dcb43c4f

    • SSDEEP

      768:ezeRM9VRTt2FpdgZCdsqt/er0TI5Xky359OT79i7z0vIMnu3/1H5w:ezem9VRTt2Fpd2Tb34lASuJm

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks