Overview

overview

10

Static

static

3

943154889f...3N.exe

windows7-x64

10

943154889f...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    943154889f4bc40e70fcea3956d18c1fdba1df36cff9fecb782604f5500bff03N.exe

  • Size

    64KB

  • Sample

    241222-qaw22szkgj

  • MD5

    ca5e4d6adb2ef49e74944e438adcbd80

  • SHA1

    0c59de8fc72f247b9222f7cc9fabc6e10d01ec58

  • SHA256

    943154889f4bc40e70fcea3956d18c1fdba1df36cff9fecb782604f5500bff03

  • SHA512

    6d5616777c5fdc88e29cc93319ec729fd29f8c3db0abe841f50f22b1839a0f16bba74b5bf5f3f47a4cdc9287d86601807445ba68f13a3c2679eddca872d23bac

  • SSDEEP

    768:22/j1L/q6a9josCnCjamcfFRmqBgDabC/1H5Ee6XJ1IwEGp9ThfzyYsHd:F/j1L/q6a2sCCjJcHm6E+7XUwXfzwd

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      943154889f4bc40e70fcea3956d18c1fdba1df36cff9fecb782604f5500bff03N.exe

    • Size

      64KB

    • MD5

      ca5e4d6adb2ef49e74944e438adcbd80

    • SHA1

      0c59de8fc72f247b9222f7cc9fabc6e10d01ec58

    • SHA256

      943154889f4bc40e70fcea3956d18c1fdba1df36cff9fecb782604f5500bff03

    • SHA512

      6d5616777c5fdc88e29cc93319ec729fd29f8c3db0abe841f50f22b1839a0f16bba74b5bf5f3f47a4cdc9287d86601807445ba68f13a3c2679eddca872d23bac

    • SSDEEP

      768:22/j1L/q6a9josCnCjamcfFRmqBgDabC/1H5Ee6XJ1IwEGp9ThfzyYsHd:F/j1L/q6a2sCCjJcHm6E+7XUwXfzwd

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks