Overview

overview

10

Static

static

3

afc55983b6...0N.exe

windows7-x64

10

afc55983b6...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    afc55983b635c742299d595b1a10778511548efb2983a5552b78492147c0f7c0N.exe

  • Size

    55KB

  • Sample

    241123-ttt9catpcq

  • MD5

    f50ac94a7169135d331a139cf345f2f0

  • SHA1

    cf77ba81acb7afb2c0fb2a780996234974277dad

  • SHA256

    afc55983b635c742299d595b1a10778511548efb2983a5552b78492147c0f7c0

  • SHA512

    554ae5027d4691b46027d2e53337f863dd8c08b0d5cbea214c390b61115694926889f254f81ad63ad5fcb03c383cdfd0216c2133ff031cc69e4636110ab1c7e1

  • SSDEEP

    1536:MoJoL8BNdfXJo+87UiQtZNSoNSd0A3shxD6:M1C718IL3NXNW0A8hh

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      afc55983b635c742299d595b1a10778511548efb2983a5552b78492147c0f7c0N.exe

    • Size

      55KB

    • MD5

      f50ac94a7169135d331a139cf345f2f0

    • SHA1

      cf77ba81acb7afb2c0fb2a780996234974277dad

    • SHA256

      afc55983b635c742299d595b1a10778511548efb2983a5552b78492147c0f7c0

    • SHA512

      554ae5027d4691b46027d2e53337f863dd8c08b0d5cbea214c390b61115694926889f254f81ad63ad5fcb03c383cdfd0216c2133ff031cc69e4636110ab1c7e1

    • SSDEEP

      1536:MoJoL8BNdfXJo+87UiQtZNSoNSd0A3shxD6:M1C718IL3NXNW0A8hh

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks