Overview

overview

10

Static

static

10

c772664c97...02.exe

windows7-x64

10

c772664c97...02.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c772664c97c1f7a99927aae00ee426dfc9ce7c4a910338aeeb2f6674c48f3e02

  • Size

    318KB

  • Sample

    241209-dj2mnstnaq

  • MD5

    bb77dfe3ab8fa5a4941e41d8d34247eb

  • SHA1

    c7b1d7edf28aa50ef2088d63cfaa3afa17a068ce

  • SHA256

    c772664c97c1f7a99927aae00ee426dfc9ce7c4a910338aeeb2f6674c48f3e02

  • SHA512

    2178afd1419d0a058d384f30d5d29bea2336826e791bcdd089c25d6a7d2e74d44af0af678cb3fe067f2051af132a30af37e23b57576be2fc34b7d994b84e9580

  • SSDEEP

    6144:V85mSEdkQzFmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:y55qzwFHoS04wFHoSrZx8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c772664c97c1f7a99927aae00ee426dfc9ce7c4a910338aeeb2f6674c48f3e02

    • Size

      318KB

    • MD5

      bb77dfe3ab8fa5a4941e41d8d34247eb

    • SHA1

      c7b1d7edf28aa50ef2088d63cfaa3afa17a068ce

    • SHA256

      c772664c97c1f7a99927aae00ee426dfc9ce7c4a910338aeeb2f6674c48f3e02

    • SHA512

      2178afd1419d0a058d384f30d5d29bea2336826e791bcdd089c25d6a7d2e74d44af0af678cb3fe067f2051af132a30af37e23b57576be2fc34b7d994b84e9580

    • SSDEEP

      6144:V85mSEdkQzFmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:y55qzwFHoS04wFHoSrZx8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks