Overview

overview

10

Static

static

3

17fa7e4626...f5.exe

windows7-x64

10

17fa7e4626...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17fa7e46260d698e36db0266dbd43bbeb4e3b3a315ea5b2fda962ed10073cdf5

  • Size

    219KB

  • Sample

    250306-1a675ayms4

  • MD5

    4cebdc08b394f6215d3e4c996a6a75ee

  • SHA1

    194b96931112b26d94ace6340644dca2b8075e77

  • SHA256

    17fa7e46260d698e36db0266dbd43bbeb4e3b3a315ea5b2fda962ed10073cdf5

  • SHA512

    eb06d8b7c81cd778424d714735a0db0c9df4c82cc5ad85dff11aa365ee8adb27e0b1095fcb21c12c7e2f6c0084bece2805981cdc0d1e56d122154e15c87770d9

  • SSDEEP

    3072:TFI5cL2XSFPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:T65cqCVzDOO0aDD4PCxdXXwSfYrwB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      17fa7e46260d698e36db0266dbd43bbeb4e3b3a315ea5b2fda962ed10073cdf5

    • Size

      219KB

    • MD5

      4cebdc08b394f6215d3e4c996a6a75ee

    • SHA1

      194b96931112b26d94ace6340644dca2b8075e77

    • SHA256

      17fa7e46260d698e36db0266dbd43bbeb4e3b3a315ea5b2fda962ed10073cdf5

    • SHA512

      eb06d8b7c81cd778424d714735a0db0c9df4c82cc5ad85dff11aa365ee8adb27e0b1095fcb21c12c7e2f6c0084bece2805981cdc0d1e56d122154e15c87770d9

    • SSDEEP

      3072:TFI5cL2XSFPzwuZkO0aDb/IBPCOQvU6z314EXrjvwSfYrwBt:T65cqCVzDOO0aDD4PCxdXXwSfYrwB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks