Overview

overview

10

Static

static

3

a54703bb89...8N.exe

windows7-x64

10

a54703bb89...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a54703bb891dbee64c1387f32e057c3002423ae987ab07cde1d989c508f1c108N.exe

  • Size

    48KB

  • Sample

    241222-g8fchsxpek

  • MD5

    79ce11456e4b1e2315f391b138d484d0

  • SHA1

    81492b9cd6ae87cc235bbdf44ad08a0894efb447

  • SHA256

    a54703bb891dbee64c1387f32e057c3002423ae987ab07cde1d989c508f1c108

  • SHA512

    c5f38a00fb60f434da4ba166b533f9ecc4962267d238bc21e81e18fd3b5c1cc0515ae70ccbc8d80c984bd4b9b207dd6e23b7be92fac859820e9d05a337d25eff

  • SSDEEP

    768:kaomWJBBGVqQukjfeaH+YctCqMZM/k48rhfm9BGHl7lk/1H5:TomGlQuk6xYk26k48rh+9BGHl7w

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a54703bb891dbee64c1387f32e057c3002423ae987ab07cde1d989c508f1c108N.exe

    • Size

      48KB

    • MD5

      79ce11456e4b1e2315f391b138d484d0

    • SHA1

      81492b9cd6ae87cc235bbdf44ad08a0894efb447

    • SHA256

      a54703bb891dbee64c1387f32e057c3002423ae987ab07cde1d989c508f1c108

    • SHA512

      c5f38a00fb60f434da4ba166b533f9ecc4962267d238bc21e81e18fd3b5c1cc0515ae70ccbc8d80c984bd4b9b207dd6e23b7be92fac859820e9d05a337d25eff

    • SSDEEP

      768:kaomWJBBGVqQukjfeaH+YctCqMZM/k48rhfm9BGHl7lk/1H5:TomGlQuk6xYk26k48rh+9BGHl7w

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks