Overview

overview

10

Static

static

3

6c4be96f7a...1N.exe

windows7-x64

10

6c4be96f7a...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c4be96f7a95b2e0b7bab5a15cc239d5c74c636f691a4cb754113d4b949d84b1N.exe

  • Size

    512KB

  • Sample

    241225-x4pcmatrhl

  • MD5

    b3c5e1a2435a5096474a6cbe1ee75570

  • SHA1

    14190feac6f3a280c2b38cbf0ae983b2b696ecf4

  • SHA256

    6c4be96f7a95b2e0b7bab5a15cc239d5c74c636f691a4cb754113d4b949d84b1

  • SHA512

    fd6eeee5e2d0c3280b7facaa97d883da763c36551b93f22b697c85a6345dc6926e9cf9ba5e2031805398aebbffba01251188eeaa144d34d9d4dd1a5e74deeda6

  • SSDEEP

    6144:Mxz6yUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:MxzqUG5t1sI5yl48pArv8o4L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6c4be96f7a95b2e0b7bab5a15cc239d5c74c636f691a4cb754113d4b949d84b1N.exe

    • Size

      512KB

    • MD5

      b3c5e1a2435a5096474a6cbe1ee75570

    • SHA1

      14190feac6f3a280c2b38cbf0ae983b2b696ecf4

    • SHA256

      6c4be96f7a95b2e0b7bab5a15cc239d5c74c636f691a4cb754113d4b949d84b1

    • SHA512

      fd6eeee5e2d0c3280b7facaa97d883da763c36551b93f22b697c85a6345dc6926e9cf9ba5e2031805398aebbffba01251188eeaa144d34d9d4dd1a5e74deeda6

    • SSDEEP

      6144:Mxz6yUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:MxzqUG5t1sI5yl48pArv8o4L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks