Overview

overview

10

Static

static

10

42705f36d9...3N.exe

windows7-x64

10

42705f36d9...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42705f36d9595a1e0b341cd9624afa2faad3c57bd5f2b7e17ae6abb0ef2e1db3N.exe

  • Size

    363KB

  • Sample

    250120-k5l8faslan

  • MD5

    e0d3085c2b3824c73ad93316f5a2a610

  • SHA1

    3511741fccec89da6b5ac574d55cff208fc09ffc

  • SHA256

    42705f36d9595a1e0b341cd9624afa2faad3c57bd5f2b7e17ae6abb0ef2e1db3

  • SHA512

    7d7d90e4efc8883a845531d2a982a71ee2305492230456191f574d5e399a96881a83a6a49cade7274c518829460849aee6fe0eb7dfc10a0c56620f08aaf49d52

  • SSDEEP

    6144:jHF0yBVU5tTbVXksax8n5tTDUZNSN58VU5tT:jXG5tP6sus5t6NSN6G5t

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      42705f36d9595a1e0b341cd9624afa2faad3c57bd5f2b7e17ae6abb0ef2e1db3N.exe

    • Size

      363KB

    • MD5

      e0d3085c2b3824c73ad93316f5a2a610

    • SHA1

      3511741fccec89da6b5ac574d55cff208fc09ffc

    • SHA256

      42705f36d9595a1e0b341cd9624afa2faad3c57bd5f2b7e17ae6abb0ef2e1db3

    • SHA512

      7d7d90e4efc8883a845531d2a982a71ee2305492230456191f574d5e399a96881a83a6a49cade7274c518829460849aee6fe0eb7dfc10a0c56620f08aaf49d52

    • SSDEEP

      6144:jHF0yBVU5tTbVXksax8n5tTDUZNSN58VU5tT:jXG5tP6sus5t6NSN6G5t

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks