Overview

overview

10

Static

static

10

9a944628e9...7N.exe

windows7-x64

10

9a944628e9...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a944628e92d3d478e5835d4eef16dda1311af19c3079908badd40cdc0956da7N.exe

  • Size

    318KB

  • Sample

    241208-ejxjds1qav

  • MD5

    c178b1ef769f680f923fa7dafd1de870

  • SHA1

    b72e6dd6dc6854ebf9ef5aa462ef150e0cc7e6bb

  • SHA256

    9a944628e92d3d478e5835d4eef16dda1311af19c3079908badd40cdc0956da7

  • SHA512

    e17e128651d1a7a3d9e7a8b836bad24222997a83f2d66fc73524bece698e2599b5d1dec30749b6cbf62dbf603c66a2a08094e628ed8c742123f2fe2c5b552316

  • SSDEEP

    6144:eO2SsM/W2JbRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:hlfWeO4wFHoS04wFHoSrZx8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9a944628e92d3d478e5835d4eef16dda1311af19c3079908badd40cdc0956da7N.exe

    • Size

      318KB

    • MD5

      c178b1ef769f680f923fa7dafd1de870

    • SHA1

      b72e6dd6dc6854ebf9ef5aa462ef150e0cc7e6bb

    • SHA256

      9a944628e92d3d478e5835d4eef16dda1311af19c3079908badd40cdc0956da7

    • SHA512

      e17e128651d1a7a3d9e7a8b836bad24222997a83f2d66fc73524bece698e2599b5d1dec30749b6cbf62dbf603c66a2a08094e628ed8c742123f2fe2c5b552316

    • SSDEEP

      6144:eO2SsM/W2JbRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:hlfWeO4wFHoS04wFHoSrZx8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks