Overview

overview

10

Static

static

3

1961d7ee1e...96.exe

windows7-x64

10

1961d7ee1e...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1961d7ee1ef026f730a3d2cde311c6c21707d1c6fe7773983ae8ce5724c41096

  • Size

    84KB

  • Sample

    241209-ylc3baypcy

  • MD5

    0cadcaa49ddc48b770150e14b9cfc63e

  • SHA1

    c3093b8e580156cca65f835968af5977ad193d0f

  • SHA256

    1961d7ee1ef026f730a3d2cde311c6c21707d1c6fe7773983ae8ce5724c41096

  • SHA512

    050ef2489e0a892e0fb5aa6095a3fe2eb64109924e80363cc350dbb1e6d225a608dd4928ae5264a3b4f61fcbafbe6d4af99ee04abf45c6cfe9674bcf2b50b91c

  • SSDEEP

    1536:n9LQgpf0U8LedmAKsIXSREXHfVPfMVwNKT1iqWUPGc4T7VL3:nxQgpOLSLKsICREXdXNKT1ntPG9pb

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1961d7ee1ef026f730a3d2cde311c6c21707d1c6fe7773983ae8ce5724c41096

    • Size

      84KB

    • MD5

      0cadcaa49ddc48b770150e14b9cfc63e

    • SHA1

      c3093b8e580156cca65f835968af5977ad193d0f

    • SHA256

      1961d7ee1ef026f730a3d2cde311c6c21707d1c6fe7773983ae8ce5724c41096

    • SHA512

      050ef2489e0a892e0fb5aa6095a3fe2eb64109924e80363cc350dbb1e6d225a608dd4928ae5264a3b4f61fcbafbe6d4af99ee04abf45c6cfe9674bcf2b50b91c

    • SSDEEP

      1536:n9LQgpf0U8LedmAKsIXSREXHfVPfMVwNKT1iqWUPGc4T7VL3:nxQgpOLSLKsICREXdXNKT1ntPG9pb

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks