Overview

overview

10

Static

static

3

40c42f1c7e...5e.exe

windows7-x64

10

40c42f1c7e...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40c42f1c7e72cb711d34667590b30a2c2d000c35321cf5c722f8d43533e6015e

  • Size

    45KB

  • Sample

    241207-1p1znavrdy

  • MD5

    5673e8d6126a08cb6127afc8772ad1da

  • SHA1

    a3c0a17682d8ebd109d077c5cabdf547606064eb

  • SHA256

    40c42f1c7e72cb711d34667590b30a2c2d000c35321cf5c722f8d43533e6015e

  • SHA512

    b10e9790009d16b6f24d1f3af7617eb599d7e246e613e7276c0e2b14dc7248c7a097e15224fb27f7c31417f4e8e07e7c1d405f24fc6e68af465fbf82310ee2c4

  • SSDEEP

    768:0QthnFwZ5tzX7VNS21bUR3Qu/qLSUgMcCkVLLoLCLt0bKxJf/1H5sj7:0Q7nFwnpX22xtyU/Q42Jxu/

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      40c42f1c7e72cb711d34667590b30a2c2d000c35321cf5c722f8d43533e6015e

    • Size

      45KB

    • MD5

      5673e8d6126a08cb6127afc8772ad1da

    • SHA1

      a3c0a17682d8ebd109d077c5cabdf547606064eb

    • SHA256

      40c42f1c7e72cb711d34667590b30a2c2d000c35321cf5c722f8d43533e6015e

    • SHA512

      b10e9790009d16b6f24d1f3af7617eb599d7e246e613e7276c0e2b14dc7248c7a097e15224fb27f7c31417f4e8e07e7c1d405f24fc6e68af465fbf82310ee2c4

    • SSDEEP

      768:0QthnFwZ5tzX7VNS21bUR3Qu/qLSUgMcCkVLLoLCLt0bKxJf/1H5sj7:0Q7nFwnpX22xtyU/Q42Jxu/

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks