Overview

overview

10

Static

static

3

3538e91b56...4N.exe

windows7-x64

10

3538e91b56...4N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3538e91b56041c95b6f4d419b067e710cc60b8394e1cd96b23cf9218a407f8d4N

  • Size

    52KB

  • Sample

    241006-eb317s1hmm

  • MD5

    a370f7f8c500ea19295d22b8d8cde9a0

  • SHA1

    aa99de0e489d0019b5e0c765a1c184a349814042

  • SHA256

    3538e91b56041c95b6f4d419b067e710cc60b8394e1cd96b23cf9218a407f8d4

  • SHA512

    00fba8bda4890762f980df07dbe4439a56106eb2abb43d168c0da9b19494c788eecb6ff025c8760e2104210db8a4bfc7d2a1039122b990d58fdeac8eb42f47dd

  • SSDEEP

    768:u/VLzwETXKllxN9K7Nj4a+Tx3PSOqbQn8zEJoYC/PPECiPGxclKS609bxCDCad/o:u/VwEDKbvApQxVYQUrYKsBb4Ww1MAdKZ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      3538e91b56041c95b6f4d419b067e710cc60b8394e1cd96b23cf9218a407f8d4N

    • Size

      52KB

    • MD5

      a370f7f8c500ea19295d22b8d8cde9a0

    • SHA1

      aa99de0e489d0019b5e0c765a1c184a349814042

    • SHA256

      3538e91b56041c95b6f4d419b067e710cc60b8394e1cd96b23cf9218a407f8d4

    • SHA512

      00fba8bda4890762f980df07dbe4439a56106eb2abb43d168c0da9b19494c788eecb6ff025c8760e2104210db8a4bfc7d2a1039122b990d58fdeac8eb42f47dd

    • SSDEEP

      768:u/VLzwETXKllxN9K7Nj4a+Tx3PSOqbQn8zEJoYC/PPECiPGxclKS609bxCDCad/o:u/VwEDKbvApQxVYQUrYKsBb4Ww1MAdKZ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks