Overview

overview

10

Static

static

3

4b65f9af44...1N.exe

windows7-x64

10

4b65f9af44...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4b65f9af44312c274420a5bcd3707a4e1b062e81d71cb7912e511a97fd6d9541N.exe

  • Size

    64KB

  • Sample

    241222-j1kcls1jfn

  • MD5

    e21a7e058157919197197c8714ddbd70

  • SHA1

    8b09e6a57758ddceb4779591fa5bc789a777b410

  • SHA256

    4b65f9af44312c274420a5bcd3707a4e1b062e81d71cb7912e511a97fd6d9541

  • SHA512

    5ae9e5b0baed92930b4b42d1e8695e494d39e5e94e580b1fe540ebc1364b5c8837302a11c2b0f48cfe91a0849632b6b6d06087084377aa34014c237781f5a519

  • SSDEEP

    1536:PJ3vJ/bfry9HuuWvwY0lq9lLBsLnVLdGUHyNwW:5Vb+JuuWr0E9lLBsLnVUUHyNwW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      4b65f9af44312c274420a5bcd3707a4e1b062e81d71cb7912e511a97fd6d9541N.exe

    • Size

      64KB

    • MD5

      e21a7e058157919197197c8714ddbd70

    • SHA1

      8b09e6a57758ddceb4779591fa5bc789a777b410

    • SHA256

      4b65f9af44312c274420a5bcd3707a4e1b062e81d71cb7912e511a97fd6d9541

    • SHA512

      5ae9e5b0baed92930b4b42d1e8695e494d39e5e94e580b1fe540ebc1364b5c8837302a11c2b0f48cfe91a0849632b6b6d06087084377aa34014c237781f5a519

    • SSDEEP

      1536:PJ3vJ/bfry9HuuWvwY0lq9lLBsLnVLdGUHyNwW:5Vb+JuuWr0E9lLBsLnVUUHyNwW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks