Overview

overview

10

Static

static

10

19d8fe8a3c...9e.exe

windows7-x64

10

19d8fe8a3c...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19d8fe8a3c7b49299708a2bb8861c88626473cc16f914771fa3907c586b8559e

  • Size

    168KB

  • Sample

    241224-ys45dawmcn

  • MD5

    93bf082ea32d375195eadd1b9a874508

  • SHA1

    72248ba9d6d918d0e63ae6575be21336549b909d

  • SHA256

    19d8fe8a3c7b49299708a2bb8861c88626473cc16f914771fa3907c586b8559e

  • SHA512

    3dbb7359419449ff709000e8c128fb24f22c275ae8ac6c9abe20aafd9926f2a5af7130a6851e3499a3fd6ac2954e1963e32ae43e1c2f290e5a32be472dc122e6

  • SSDEEP

    3072:UEXFMBWdseqYkZxwpFwpDuJ8mF9YNTyr4p9t4W987u1j5FaoJ5pFwr:NMB6se/kjiFwpo8mFCNkq9tr987u1dF6

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      19d8fe8a3c7b49299708a2bb8861c88626473cc16f914771fa3907c586b8559e

    • Size

      168KB

    • MD5

      93bf082ea32d375195eadd1b9a874508

    • SHA1

      72248ba9d6d918d0e63ae6575be21336549b909d

    • SHA256

      19d8fe8a3c7b49299708a2bb8861c88626473cc16f914771fa3907c586b8559e

    • SHA512

      3dbb7359419449ff709000e8c128fb24f22c275ae8ac6c9abe20aafd9926f2a5af7130a6851e3499a3fd6ac2954e1963e32ae43e1c2f290e5a32be472dc122e6

    • SSDEEP

      3072:UEXFMBWdseqYkZxwpFwpDuJ8mF9YNTyr4p9t4W987u1j5FaoJ5pFwr:NMB6se/kjiFwpo8mFCNkq9tr987u1dF6

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks