Overview

overview

10

Static

static

10

9e7a3f8d81...4N.exe

windows7-x64

10

9e7a3f8d81...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e7a3f8d816cb1087ea9f88f02f099b9a2966ce797aa5c62b5f317bc54f42844N.exe

  • Size

    181KB

  • Sample

    241225-sqgcmswqeq

  • MD5

    b5f97f7ff4f3b62e61e92d8fb6754750

  • SHA1

    aa36af8ccfcbbe58645dc046e914700177fe813d

  • SHA256

    9e7a3f8d816cb1087ea9f88f02f099b9a2966ce797aa5c62b5f317bc54f42844

  • SHA512

    aad51a5dfd8d04d96bd63d35fad54191d5341c07251a30410a4f10613f8a582590295dfe853ad317d9553d9bfc188c328db26975326279b8decbb773063141ca

  • SSDEEP

    3072:fR5lKNyPfd6zAky6nGw0RLDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOg:fR5l+sh6nGwoR5tTDUZNSN58VU5tT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9e7a3f8d816cb1087ea9f88f02f099b9a2966ce797aa5c62b5f317bc54f42844N.exe

    • Size

      181KB

    • MD5

      b5f97f7ff4f3b62e61e92d8fb6754750

    • SHA1

      aa36af8ccfcbbe58645dc046e914700177fe813d

    • SHA256

      9e7a3f8d816cb1087ea9f88f02f099b9a2966ce797aa5c62b5f317bc54f42844

    • SHA512

      aad51a5dfd8d04d96bd63d35fad54191d5341c07251a30410a4f10613f8a582590295dfe853ad317d9553d9bfc188c328db26975326279b8decbb773063141ca

    • SSDEEP

      3072:fR5lKNyPfd6zAky6nGw0RLDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOg:fR5l+sh6nGwoR5tTDUZNSN58VU5tT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks