Overview

overview

10

Static

static

10

ecd919c483...6N.exe

windows7-x64

10

ecd919c483...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecd919c483a029f43827eedc521f3df41e55e8a6dc1752ead50b4e6307aacba6N.exe

  • Size

    428KB

  • Sample

    241207-y8mv2axlgq

  • MD5

    af66a74c9c6145d0a9f7680eda2f0cf0

  • SHA1

    dd2d535c0e928812e727e3690a72283c23606334

  • SHA256

    ecd919c483a029f43827eedc521f3df41e55e8a6dc1752ead50b4e6307aacba6

  • SHA512

    57d11857a358f0770d499edb7bdbe516d87b5f7597bb4be7280b19dc5df2a8678cf3526e2d295a2145e856a74dee8021a43a1d84c270adaa6cae773da4032c50

  • SSDEEP

    6144:3ojTMm4l5ZXZuKVp1fNrNF5ZXZ7SEJtKa4sFj5tPNki9HZd1sFj5tg:4e5hjtFrNF5h0EJtws15tPWu5Ls15tg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ecd919c483a029f43827eedc521f3df41e55e8a6dc1752ead50b4e6307aacba6N.exe

    • Size

      428KB

    • MD5

      af66a74c9c6145d0a9f7680eda2f0cf0

    • SHA1

      dd2d535c0e928812e727e3690a72283c23606334

    • SHA256

      ecd919c483a029f43827eedc521f3df41e55e8a6dc1752ead50b4e6307aacba6

    • SHA512

      57d11857a358f0770d499edb7bdbe516d87b5f7597bb4be7280b19dc5df2a8678cf3526e2d295a2145e856a74dee8021a43a1d84c270adaa6cae773da4032c50

    • SSDEEP

      6144:3ojTMm4l5ZXZuKVp1fNrNF5ZXZ7SEJtKa4sFj5tPNki9HZd1sFj5tg:4e5hjtFrNF5h0EJtws15tPWu5Ls15tg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks