Overview

overview

10

Static

static

10

ccacb04ac7...2e.exe

windows7-x64

10

ccacb04ac7...2e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccacb04ac707abc37775c522452d4de3036753f253269549c6db2fa67fd3972e

  • Size

    379KB

  • Sample

    241223-dp8ceavpbl

  • MD5

    7a31089cff420bb5e585a0d7fc83d122

  • SHA1

    000b72c7db74c4f7d4737360894268c9c28d0456

  • SHA256

    ccacb04ac707abc37775c522452d4de3036753f253269549c6db2fa67fd3972e

  • SHA512

    772c2a3de13398fac99ff2bf6639f0e0bf5a95bd18381f5e781301fa85b7f5fbd72839abb5b42e4c9d68f15427dca5cbb56061b4ece538fd3d9444cda794e821

  • SSDEEP

    6144:UtJ5Lli7O/0xLxli7O//yb1c3ccU0S6GyTgfiEkrE:Sn6vxr6lGHaXyTg6EkrE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ccacb04ac707abc37775c522452d4de3036753f253269549c6db2fa67fd3972e

    • Size

      379KB

    • MD5

      7a31089cff420bb5e585a0d7fc83d122

    • SHA1

      000b72c7db74c4f7d4737360894268c9c28d0456

    • SHA256

      ccacb04ac707abc37775c522452d4de3036753f253269549c6db2fa67fd3972e

    • SHA512

      772c2a3de13398fac99ff2bf6639f0e0bf5a95bd18381f5e781301fa85b7f5fbd72839abb5b42e4c9d68f15427dca5cbb56061b4ece538fd3d9444cda794e821

    • SSDEEP

      6144:UtJ5Lli7O/0xLxli7O//yb1c3ccU0S6GyTgfiEkrE:Sn6vxr6lGHaXyTg6EkrE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks