Overview

overview

10

Static

static

3

909ba572a8...9c.exe

windows7-x64

10

909ba572a8...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    909ba572a80670425e61502ff0a8b0df5137b2cce51a89fac23fde0fd5f8a89c.exe

  • Size

    64KB

  • Sample

    241119-qj5qjswene

  • MD5

    cf0a31911c3cbdad7c6d162a9a4115eb

  • SHA1

    2eb0aa46cf9036544f5f7095c8037d8a58f19b18

  • SHA256

    909ba572a80670425e61502ff0a8b0df5137b2cce51a89fac23fde0fd5f8a89c

  • SHA512

    a44ccce3e03485554205d6a7db2dc8afd62d0694b51349deceae59cfc61385b35d10b6dc933c654de99526328ef374121a4db50f6395cde75ef76d1ca1aa4ae2

  • SSDEEP

    1536:oukEuLcbJMGVTyfbWRDqPEpluRt42UXruCHcpzt/Id9:PNuLEhVGKR2P2uRtNpFw9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      909ba572a80670425e61502ff0a8b0df5137b2cce51a89fac23fde0fd5f8a89c.exe

    • Size

      64KB

    • MD5

      cf0a31911c3cbdad7c6d162a9a4115eb

    • SHA1

      2eb0aa46cf9036544f5f7095c8037d8a58f19b18

    • SHA256

      909ba572a80670425e61502ff0a8b0df5137b2cce51a89fac23fde0fd5f8a89c

    • SHA512

      a44ccce3e03485554205d6a7db2dc8afd62d0694b51349deceae59cfc61385b35d10b6dc933c654de99526328ef374121a4db50f6395cde75ef76d1ca1aa4ae2

    • SSDEEP

      1536:oukEuLcbJMGVTyfbWRDqPEpluRt42UXruCHcpzt/Id9:PNuLEhVGKR2P2uRtNpFw9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks