Overview

overview

10

Static

static

3

cffd269816...6f.exe

windows7-x64

10

cffd269816...6f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cffd269816777ca5916a13c306b12f94ce8f7c8bd0d6102abd12f6f295afc06f

  • Size

    55KB

  • Sample

    241209-ds76taynhz

  • MD5

    d63df9c80304c5dec81504bd9ac58937

  • SHA1

    44265b9a0e03ee980bca7c0e827777f8387b5df0

  • SHA256

    cffd269816777ca5916a13c306b12f94ce8f7c8bd0d6102abd12f6f295afc06f

  • SHA512

    6c50bae767a5bec0aa2294166ffd72f2ff4e5c8c526fecb21f5f9b709b686d71237302f2362b673123dd211ec775875e2192f82c1cf14a719a3fadd50b14ccb7

  • SSDEEP

    1536:A4gEEBJ0l0uaRezEJVcFGZZgoKpmNSoNSd0A3shxD6u:AhEB0uaRezEwFhoKpmNXNW0A8hhZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      cffd269816777ca5916a13c306b12f94ce8f7c8bd0d6102abd12f6f295afc06f

    • Size

      55KB

    • MD5

      d63df9c80304c5dec81504bd9ac58937

    • SHA1

      44265b9a0e03ee980bca7c0e827777f8387b5df0

    • SHA256

      cffd269816777ca5916a13c306b12f94ce8f7c8bd0d6102abd12f6f295afc06f

    • SHA512

      6c50bae767a5bec0aa2294166ffd72f2ff4e5c8c526fecb21f5f9b709b686d71237302f2362b673123dd211ec775875e2192f82c1cf14a719a3fadd50b14ccb7

    • SSDEEP

      1536:A4gEEBJ0l0uaRezEJVcFGZZgoKpmNSoNSd0A3shxD6u:AhEB0uaRezEwFhoKpmNXNW0A8hhZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks