Overview

overview

10

Static

static

3

460a14b3a8...7N.exe

windows7-x64

10

460a14b3a8...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    460a14b3a876d3e02767e9f42e18c8bbbacbc4863a1166fd92e51e2eb9a7bc37N.exe

  • Size

    45KB

  • Sample

    241123-vgrs5ayjev

  • MD5

    f0d2a01b74db988228d5b376a9fe2cd0

  • SHA1

    9c70827fef2514c4171b2f6b0ed4663e0b9b609a

  • SHA256

    460a14b3a876d3e02767e9f42e18c8bbbacbc4863a1166fd92e51e2eb9a7bc37

  • SHA512

    17410da96bfccbb270ae41ab177609d81b379d8522cd28978e5fd8e96ef96bfa4072b7f2634cbc448b1099b57fc2f091a998de66e87d742ed1e4358e331ecc9c

  • SSDEEP

    768:z/vbjLoWMKYyr4GmHMqZGbISwoYI3eqAx3emW/1H5cD:zPLqKYHsq7ShYI3eqAFem8mD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      460a14b3a876d3e02767e9f42e18c8bbbacbc4863a1166fd92e51e2eb9a7bc37N.exe

    • Size

      45KB

    • MD5

      f0d2a01b74db988228d5b376a9fe2cd0

    • SHA1

      9c70827fef2514c4171b2f6b0ed4663e0b9b609a

    • SHA256

      460a14b3a876d3e02767e9f42e18c8bbbacbc4863a1166fd92e51e2eb9a7bc37

    • SHA512

      17410da96bfccbb270ae41ab177609d81b379d8522cd28978e5fd8e96ef96bfa4072b7f2634cbc448b1099b57fc2f091a998de66e87d742ed1e4358e331ecc9c

    • SSDEEP

      768:z/vbjLoWMKYyr4GmHMqZGbISwoYI3eqAx3emW/1H5cD:zPLqKYHsq7ShYI3eqAFem8mD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks