Overview

overview

10

Static

static

10

8a86671750...18.exe

windows7-x64

10

8a86671750...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a866717508a95667b6fafff93044e19bf74c582aa9a6bc2e3a6fee51a914d18

  • Size

    335KB

  • Sample

    241208-a4km4ssrby

  • MD5

    e182af35882c5ca7611a18f047aee4c7

  • SHA1

    5f21d84cce4cce1d986e7fa1d42ee61890f01ec3

  • SHA256

    8a866717508a95667b6fafff93044e19bf74c582aa9a6bc2e3a6fee51a914d18

  • SHA512

    cabcf35b1af99a8c704d43ee52d57bd18304c1227b70afe73fa49e889994adb4474f5ed4e4479cde5928786684149f685f54aee1db48593f347d850e84ad9d1d

  • SSDEEP

    6144:FcRMBzMDQvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4qD:cMuE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      8a866717508a95667b6fafff93044e19bf74c582aa9a6bc2e3a6fee51a914d18

    • Size

      335KB

    • MD5

      e182af35882c5ca7611a18f047aee4c7

    • SHA1

      5f21d84cce4cce1d986e7fa1d42ee61890f01ec3

    • SHA256

      8a866717508a95667b6fafff93044e19bf74c582aa9a6bc2e3a6fee51a914d18

    • SHA512

      cabcf35b1af99a8c704d43ee52d57bd18304c1227b70afe73fa49e889994adb4474f5ed4e4479cde5928786684149f685f54aee1db48593f347d850e84ad9d1d

    • SSDEEP

      6144:FcRMBzMDQvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4qD:cMuE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks