Overview

overview

10

Static

static

3

6b1fe28a03...04.exe

windows7-x64

10

6b1fe28a03...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b1fe28a0361788422b846a3494e53864e4a89aa2c4e2936d9d3e6fee3ff8f04.exe

  • Size

    64KB

  • Sample

    241123-v4w2csyna1

  • MD5

    631e37a9b95cc57c3a2f4a841a089b3a

  • SHA1

    e93e064e82292b1d1c17bd63493cbc4dadfcffd9

  • SHA256

    6b1fe28a0361788422b846a3494e53864e4a89aa2c4e2936d9d3e6fee3ff8f04

  • SHA512

    3860f51f7e391966fe9fb2ff8c9442ac7f152a80dd2ee15b3e8d5f230c297840584da5678c1d45898999c071c397eb3d3c67ba9749bbcebf242f39f572806246

  • SSDEEP

    1536:p6yQSmkbiOYbjp2xplLBsLnVLdGUHyNwm:p6UiOYMplLBsLnVUUHyNwm

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6b1fe28a0361788422b846a3494e53864e4a89aa2c4e2936d9d3e6fee3ff8f04.exe

    • Size

      64KB

    • MD5

      631e37a9b95cc57c3a2f4a841a089b3a

    • SHA1

      e93e064e82292b1d1c17bd63493cbc4dadfcffd9

    • SHA256

      6b1fe28a0361788422b846a3494e53864e4a89aa2c4e2936d9d3e6fee3ff8f04

    • SHA512

      3860f51f7e391966fe9fb2ff8c9442ac7f152a80dd2ee15b3e8d5f230c297840584da5678c1d45898999c071c397eb3d3c67ba9749bbcebf242f39f572806246

    • SSDEEP

      1536:p6yQSmkbiOYbjp2xplLBsLnVLdGUHyNwm:p6UiOYMplLBsLnVUUHyNwm

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks