Overview

overview

10

Static

static

3

aa86cf424e...fN.exe

windows7-x64

10

aa86cf424e...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa86cf424e47e526b7e988d281bebc795dcad89c4cb653379b54c93d19eea54fN.exe

  • Size

    256KB

  • Sample

    241208-epj59axjap

  • MD5

    f12e96a396bed3f7c7760ed8d23615b0

  • SHA1

    52dae444a49a45434719cfbed4f30a048c447649

  • SHA256

    aa86cf424e47e526b7e988d281bebc795dcad89c4cb653379b54c93d19eea54f

  • SHA512

    63937de0a69c4811a3b34a8c2ffa9ec15b7b17381d5bb4f4d837fbce806e5c0477ad472aa97d3e8501c8622d5b5cd65718ff14d86ff1c27918e1da8d66b71ed6

  • SSDEEP

    6144:Ah1l1Rd853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:eLQBpnchWcZj

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      aa86cf424e47e526b7e988d281bebc795dcad89c4cb653379b54c93d19eea54fN.exe

    • Size

      256KB

    • MD5

      f12e96a396bed3f7c7760ed8d23615b0

    • SHA1

      52dae444a49a45434719cfbed4f30a048c447649

    • SHA256

      aa86cf424e47e526b7e988d281bebc795dcad89c4cb653379b54c93d19eea54f

    • SHA512

      63937de0a69c4811a3b34a8c2ffa9ec15b7b17381d5bb4f4d837fbce806e5c0477ad472aa97d3e8501c8622d5b5cd65718ff14d86ff1c27918e1da8d66b71ed6

    • SSDEEP

      6144:Ah1l1Rd853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZj:eLQBpnchWcZj

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks