Overview

overview

10

Static

static

3

b431170637...fb.exe

windows7-x64

10

b431170637...fb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b431170637dfce4ec79db9bee61d7d6619c04ce0d27092f2fc39807c683cc2fb

  • Size

    84KB

  • Sample

    241210-aqke7awrhz

  • MD5

    285fe0816c4696ed99b33ad46fb5c439

  • SHA1

    407325264186423db27bfaf9002b7dabd55a1d78

  • SHA256

    b431170637dfce4ec79db9bee61d7d6619c04ce0d27092f2fc39807c683cc2fb

  • SHA512

    6ac013e316eb2c5ef544ee9d3e8635f60528cdfbe9027d04d8f96c9ebc598241da3f4603d05786291699b05e62d898aa3e592f1d5e26110208e0d75f0369cfbd

  • SSDEEP

    1536:zrD7W1IBDDDL5xSldr5v45EloXSREXHfVPfMVwNKT1iqWUPGc4T7VLP:z7WyDHPSldlQ5EloCREXdXNKT1ntPG95

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b431170637dfce4ec79db9bee61d7d6619c04ce0d27092f2fc39807c683cc2fb

    • Size

      84KB

    • MD5

      285fe0816c4696ed99b33ad46fb5c439

    • SHA1

      407325264186423db27bfaf9002b7dabd55a1d78

    • SHA256

      b431170637dfce4ec79db9bee61d7d6619c04ce0d27092f2fc39807c683cc2fb

    • SHA512

      6ac013e316eb2c5ef544ee9d3e8635f60528cdfbe9027d04d8f96c9ebc598241da3f4603d05786291699b05e62d898aa3e592f1d5e26110208e0d75f0369cfbd

    • SSDEEP

      1536:zrD7W1IBDDDL5xSldr5v45EloXSREXHfVPfMVwNKT1iqWUPGc4T7VLP:z7WyDHPSldlQ5EloCREXdXNKT1ntPG95

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks