Overview

overview

10

Static

static

3

89e7c3373c...0N.exe

windows7-x64

10

89e7c3373c...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    89e7c3373c00c23c374782b05085e64f37a020d21efe51a5868baf778cfc7490N.exe

  • Size

    1.2MB

  • Sample

    241119-q5bdtswpaw

  • MD5

    dfec047ebe1330e4cb5716b99edc2080

  • SHA1

    1e863e3e79a0b917ac0d6459b2e10425aad610ed

  • SHA256

    89e7c3373c00c23c374782b05085e64f37a020d21efe51a5868baf778cfc7490

  • SHA512

    48db208b8fd843af9319cb50b3ba2402a8065568525edd5df9dab53b3068c0bf947b6d3e04ea8c6d4587d5cff941eca9ea3a2040cb42b03c20155c01bc3d84fd

  • SSDEEP

    6144:Ej0/e/Icl4yjThipmMH/gysNkvC8vA+XTv7FYUwMOFusQ+kJ3StWDKcGVol:IVFv4pnsKvNA+XTvZHWuEo3oW2to

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      89e7c3373c00c23c374782b05085e64f37a020d21efe51a5868baf778cfc7490N.exe

    • Size

      1.2MB

    • MD5

      dfec047ebe1330e4cb5716b99edc2080

    • SHA1

      1e863e3e79a0b917ac0d6459b2e10425aad610ed

    • SHA256

      89e7c3373c00c23c374782b05085e64f37a020d21efe51a5868baf778cfc7490

    • SHA512

      48db208b8fd843af9319cb50b3ba2402a8065568525edd5df9dab53b3068c0bf947b6d3e04ea8c6d4587d5cff941eca9ea3a2040cb42b03c20155c01bc3d84fd

    • SSDEEP

      6144:Ej0/e/Icl4yjThipmMH/gysNkvC8vA+XTv7FYUwMOFusQ+kJ3StWDKcGVol:IVFv4pnsKvNA+XTvZHWuEo3oW2to

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks