Overview

overview

10

Static

static

10

1d29f21cc2...fN.exe

windows7-x64

10

1d29f21cc2...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d29f21cc2c297df047cad9b74ff2cae58825ac57bbac9864ca0d31d9f59a56fN.exe

  • Size

    181KB

  • Sample

    241225-zfcd9swqfw

  • MD5

    a9168452d16f4d095386208a73567490

  • SHA1

    9aac6633453996da2b8711a080c042d5d8a75e5a

  • SHA256

    1d29f21cc2c297df047cad9b74ff2cae58825ac57bbac9864ca0d31d9f59a56f

  • SHA512

    ee94183a432cb6f5e7e036c757a37f22be1d0d09681c2a79628eeb866b2ae6bc9e1dfe1b4fa04c36c7c768118ab898d928287129e9c9bb7a7d49766eab163075

  • SSDEEP

    3072:l7rZRCDGDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOg:l7rZoW5tTDUZNSN58VU5tT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1d29f21cc2c297df047cad9b74ff2cae58825ac57bbac9864ca0d31d9f59a56fN.exe

    • Size

      181KB

    • MD5

      a9168452d16f4d095386208a73567490

    • SHA1

      9aac6633453996da2b8711a080c042d5d8a75e5a

    • SHA256

      1d29f21cc2c297df047cad9b74ff2cae58825ac57bbac9864ca0d31d9f59a56f

    • SHA512

      ee94183a432cb6f5e7e036c757a37f22be1d0d09681c2a79628eeb866b2ae6bc9e1dfe1b4fa04c36c7c768118ab898d928287129e9c9bb7a7d49766eab163075

    • SSDEEP

      3072:l7rZRCDGDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOg:l7rZoW5tTDUZNSN58VU5tT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks