Overview

overview

10

Static

static

3

ffc0f0f995...19.exe

windows7-x64

10

ffc0f0f995...19.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffc0f0f9958700eb848294697c7514c9dd33daec4b94ccb600a7ff7090f5ec19.exe

  • Size

    97KB

  • Sample

    241207-nlhbxswncr

  • MD5

    0c0572ce96b1faaae6287e5e0ab3c6be

  • SHA1

    d2c69f4468c1bf5d6f3ad009205f9ce7ac761a55

  • SHA256

    ffc0f0f9958700eb848294697c7514c9dd33daec4b94ccb600a7ff7090f5ec19

  • SHA512

    53e25cabbf12341a526ab33581cdc2f3353bcb4a5f547e18fd4786909254f74150e678c148a42379e96bd150f8b16141a112865c35715fee4fc4d9aad38a2c85

  • SSDEEP

    1536:viA+D6hqAHe3NajrYRYeXUwXfzwE57pvJXeYZ6:9+D/AHKajr0LPzwm7pJXeK6

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ffc0f0f9958700eb848294697c7514c9dd33daec4b94ccb600a7ff7090f5ec19.exe

    • Size

      97KB

    • MD5

      0c0572ce96b1faaae6287e5e0ab3c6be

    • SHA1

      d2c69f4468c1bf5d6f3ad009205f9ce7ac761a55

    • SHA256

      ffc0f0f9958700eb848294697c7514c9dd33daec4b94ccb600a7ff7090f5ec19

    • SHA512

      53e25cabbf12341a526ab33581cdc2f3353bcb4a5f547e18fd4786909254f74150e678c148a42379e96bd150f8b16141a112865c35715fee4fc4d9aad38a2c85

    • SSDEEP

      1536:viA+D6hqAHe3NajrYRYeXUwXfzwE57pvJXeYZ6:9+D/AHKajr0LPzwm7pJXeK6

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks