Overview

overview

10

Static

static

10

4ffa113081...bd.exe

windows7-x64

10

4ffa113081...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ffa113081420c33b07b9e5438fc71baac9eecd3ce8c5744c646aeadf3baf2bd.exe

  • Size

    318KB

  • Sample

    241222-shrhms1ret

  • MD5

    6c807844bc3d9389f3fb407460071b71

  • SHA1

    9eb4b9cd0c0c9b8652772b5aac14b8f552969b0b

  • SHA256

    4ffa113081420c33b07b9e5438fc71baac9eecd3ce8c5744c646aeadf3baf2bd

  • SHA512

    6d4f2616422d5d7d29cecbd1e0107656713c8e3c10fff3788ce5ac44d8b4684ff6924ea54ff760ceef1576e08b6dbf87d2f403753a849e2074dc6dd73686a574

  • SSDEEP

    6144:UiWiOvlGRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:Ui8vcO4wFHoS04wFHoSrZxk

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      4ffa113081420c33b07b9e5438fc71baac9eecd3ce8c5744c646aeadf3baf2bd.exe

    • Size

      318KB

    • MD5

      6c807844bc3d9389f3fb407460071b71

    • SHA1

      9eb4b9cd0c0c9b8652772b5aac14b8f552969b0b

    • SHA256

      4ffa113081420c33b07b9e5438fc71baac9eecd3ce8c5744c646aeadf3baf2bd

    • SHA512

      6d4f2616422d5d7d29cecbd1e0107656713c8e3c10fff3788ce5ac44d8b4684ff6924ea54ff760ceef1576e08b6dbf87d2f403753a849e2074dc6dd73686a574

    • SSDEEP

      6144:UiWiOvlGRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:Ui8vcO4wFHoS04wFHoSrZxk

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks