Overview

overview

10

Static

static

3

1f16450d2a...d3.exe

windows7-x64

10

1f16450d2a...d3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f16450d2ac289c58e7be2f8263290705c97e6ab8dbce578ae505a2e268c6bd3.exe

  • Size

    512KB

  • Sample

    241225-r9gbbawkgq

  • MD5

    85ceb10ac31de6046bfdf57fb60c6138

  • SHA1

    c4fdccb19cca64dfedf3f0fe15ff6cd29ad3c5ad

  • SHA256

    1f16450d2ac289c58e7be2f8263290705c97e6ab8dbce578ae505a2e268c6bd3

  • SHA512

    a1924c9ad548b933575f37417f13e802d2b71b9eab0c420c19b04500f8e8861e2dfa813dd368fb13d65be6d0af90153f4c2dc88d4049a772e9b2e493232184a5

  • SSDEEP

    6144:Et5m6hDcU853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZD:Et5mUQBpnchWcZD

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1f16450d2ac289c58e7be2f8263290705c97e6ab8dbce578ae505a2e268c6bd3.exe

    • Size

      512KB

    • MD5

      85ceb10ac31de6046bfdf57fb60c6138

    • SHA1

      c4fdccb19cca64dfedf3f0fe15ff6cd29ad3c5ad

    • SHA256

      1f16450d2ac289c58e7be2f8263290705c97e6ab8dbce578ae505a2e268c6bd3

    • SHA512

      a1924c9ad548b933575f37417f13e802d2b71b9eab0c420c19b04500f8e8861e2dfa813dd368fb13d65be6d0af90153f4c2dc88d4049a772e9b2e493232184a5

    • SSDEEP

      6144:Et5m6hDcU853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZD:Et5mUQBpnchWcZD

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks