Overview

overview

10

Static

static

3

71f4267261...ae.exe

windows7-x64

10

71f4267261...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71f42672612104e82d12139342f3135932132abbb8ce7e8ec0da04254badadae

  • Size

    113KB

  • Sample

    241207-3s93va1jex

  • MD5

    ba06e3c293ea5dca5d8398acde92692b

  • SHA1

    1de4b4a38d824aa0fce26a8f4eb69e92e8d8c3dd

  • SHA256

    71f42672612104e82d12139342f3135932132abbb8ce7e8ec0da04254badadae

  • SHA512

    1800693be7f3f75d6237b1a0d84acc06d6b26032a269cd5a8b689ad6213e10adb673181bd5f751b018ac8a1cd767631620cb990631144397b4b92b625cf0bfc9

  • SSDEEP

    1536:6WkhIzrz4URdvzuLqmn+3KO617DWkZFfScD7SzCbHWrAW8wTWiliX:6W8Izrs7+aOuGkZFfFSebHWrH8wTW0

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      71f42672612104e82d12139342f3135932132abbb8ce7e8ec0da04254badadae

    • Size

      113KB

    • MD5

      ba06e3c293ea5dca5d8398acde92692b

    • SHA1

      1de4b4a38d824aa0fce26a8f4eb69e92e8d8c3dd

    • SHA256

      71f42672612104e82d12139342f3135932132abbb8ce7e8ec0da04254badadae

    • SHA512

      1800693be7f3f75d6237b1a0d84acc06d6b26032a269cd5a8b689ad6213e10adb673181bd5f751b018ac8a1cd767631620cb990631144397b4b92b625cf0bfc9

    • SSDEEP

      1536:6WkhIzrz4URdvzuLqmn+3KO617DWkZFfScD7SzCbHWrAW8wTWiliX:6W8Izrs7+aOuGkZFfFSebHWrH8wTW0

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks