Overview

overview

10

Static

static

10

a364908607...17.exe

windows7-x64

10

a364908607...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a364908607c01218d36e40cd99a4469e633be957035bc2d2c67e092fb6d98c17

  • Size

    318KB

  • Sample

    241225-bm6ppasrbt

  • MD5

    ffaa8ada25e2d5bd15618717ea9b0140

  • SHA1

    98a5bb810c381c2d02f684d9529a5c16253b4eaa

  • SHA256

    a364908607c01218d36e40cd99a4469e633be957035bc2d2c67e092fb6d98c17

  • SHA512

    a46e6b36f7254fbf84c7d6b3f0051c376d3859d682d935a60d61785d677cd847a934c46d7209f86483e1d7fdedb5f1d2c00a60d81d08344c4411a50c0830a5ca

  • SSDEEP

    6144:X1zntoYyi+hRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:dtyhO4wFHoS04wFHoSrZx8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a364908607c01218d36e40cd99a4469e633be957035bc2d2c67e092fb6d98c17

    • Size

      318KB

    • MD5

      ffaa8ada25e2d5bd15618717ea9b0140

    • SHA1

      98a5bb810c381c2d02f684d9529a5c16253b4eaa

    • SHA256

      a364908607c01218d36e40cd99a4469e633be957035bc2d2c67e092fb6d98c17

    • SHA512

      a46e6b36f7254fbf84c7d6b3f0051c376d3859d682d935a60d61785d677cd847a934c46d7209f86483e1d7fdedb5f1d2c00a60d81d08344c4411a50c0830a5ca

    • SSDEEP

      6144:X1zntoYyi+hRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:dtyhO4wFHoS04wFHoSrZx8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks