Overview

overview

10

Static

static

3

30a7b93a51...cN.exe

windows7-x64

10

30a7b93a51...cN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30a7b93a51f4061b7e3154028b512765a4fd636ded7e013d2ac91d346382270cN.exe

  • Size

    64KB

  • Sample

    241225-vph6yszndn

  • MD5

    b51ae1857e9b47d57453ed150b1cc580

  • SHA1

    5c60eaf86a41bea6cfb6ce010d201c22ce501d27

  • SHA256

    30a7b93a51f4061b7e3154028b512765a4fd636ded7e013d2ac91d346382270c

  • SHA512

    c4f77e23d8c8a410b88368572e24370d96ed85e5538fc8faf00ef57fd350540e741d108161e75691abb495d7a2c1845a04d24ae4a718851fe15a88f4ce6ca800

  • SSDEEP

    1536:GBu/pPVrWSR6IOeVPx8Z9mMlLBsLnVLdGUHyNwW:GBuxtSSvO8x8Z9mMlLBsLnVUUHyNwW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      30a7b93a51f4061b7e3154028b512765a4fd636ded7e013d2ac91d346382270cN.exe

    • Size

      64KB

    • MD5

      b51ae1857e9b47d57453ed150b1cc580

    • SHA1

      5c60eaf86a41bea6cfb6ce010d201c22ce501d27

    • SHA256

      30a7b93a51f4061b7e3154028b512765a4fd636ded7e013d2ac91d346382270c

    • SHA512

      c4f77e23d8c8a410b88368572e24370d96ed85e5538fc8faf00ef57fd350540e741d108161e75691abb495d7a2c1845a04d24ae4a718851fe15a88f4ce6ca800

    • SSDEEP

      1536:GBu/pPVrWSR6IOeVPx8Z9mMlLBsLnVLdGUHyNwW:GBuxtSSvO8x8Z9mMlLBsLnVUUHyNwW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks