berbew | f2b12782f6c1363c01e7dbbc59a4acdfb7e35f17a06c921f33d5324ffc5ef932 | Triage

Sharing

General

Target

f2b12782f6c1363c01e7dbbc59a4acdfb7e35f17a06c921f33d5324ffc5ef932N.exe
Size

256KB
Sample

241208-aav7rawphj
MD5

ca40c4419c293d3c00ec152ca80e6270
SHA1

c3a61e76d624815e42512d08087b192bd7883cf3
SHA256

f2b12782f6c1363c01e7dbbc59a4acdfb7e35f17a06c921f33d5324ffc5ef932
SHA512

490fe0d7b204196878a85bfe25fdf36c1f0c166b39b2dc747cf67b8e0bb5ea4b81c65595e603b9e3cc36201bc55e1a9e799c81e832b4e2c2ec41a0a13c4334aa
SSDEEP

6144:adXJ9NcMc853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:ad59NcXQBpnchWcZj

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

- Target
  
  f2b12782f6c1363c01e7dbbc59a4acdfb7e35f17a06c921f33d5324ffc5ef932N.exe
- Size
  
  256KB
- MD5
  
  ca40c4419c293d3c00ec152ca80e6270
- SHA1
  
  c3a61e76d624815e42512d08087b192bd7883cf3
- SHA256
  
  f2b12782f6c1363c01e7dbbc59a4acdfb7e35f17a06c921f33d5324ffc5ef932
- SHA512
  
  490fe0d7b204196878a85bfe25fdf36c1f0c166b39b2dc747cf67b8e0bb5ea4b81c65595e603b9e3cc36201bc55e1a9e799c81e832b4e2c2ec41a0a13c4334aa
- SSDEEP
  
  6144:adXJ9NcMc853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:ad59NcXQBpnchWcZj
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence