Overview

overview

10

Static

static

10

f6c613b0e5...6N.exe

windows7-x64

10

f6c613b0e5...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6c613b0e534f8cc76379e7a0136c336f4a16c4fcf12289154e82aded04111e6N.exe

  • Size

    219KB

  • Sample

    241225-zh16eawrgv

  • MD5

    da118d6da3407c040c4177bb87f01280

  • SHA1

    96ed342bcb4c778b81f67f1b79829b7f8a239b13

  • SHA256

    f6c613b0e534f8cc76379e7a0136c336f4a16c4fcf12289154e82aded04111e6

  • SHA512

    467dfe54976a1e2897e6861ae4d192b1f432343435bf335922fa34fbb15577dd129c421fec0c9f57ab8c78229248aadc24b6ea0b15946c3cbc2b0bf58e568623

  • SSDEEP

    3072:V9tW4aN625i4JPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:V90U2BRzDOO0aDD4PCxdXXwSfYrwB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f6c613b0e534f8cc76379e7a0136c336f4a16c4fcf12289154e82aded04111e6N.exe

    • Size

      219KB

    • MD5

      da118d6da3407c040c4177bb87f01280

    • SHA1

      96ed342bcb4c778b81f67f1b79829b7f8a239b13

    • SHA256

      f6c613b0e534f8cc76379e7a0136c336f4a16c4fcf12289154e82aded04111e6

    • SHA512

      467dfe54976a1e2897e6861ae4d192b1f432343435bf335922fa34fbb15577dd129c421fec0c9f57ab8c78229248aadc24b6ea0b15946c3cbc2b0bf58e568623

    • SSDEEP

      3072:V9tW4aN625i4JPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:V90U2BRzDOO0aDD4PCxdXXwSfYrwB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks