Overview

overview

10

Static

static

3

04de0343b5...28.exe

windows7-x64

10

04de0343b5...28.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04de0343b5f05b21cf2edfcdce643f4deaedf80813c6459ef0677bed90083028.exe

  • Size

    52KB

  • Sample

    241120-d4kjws1aqn

  • MD5

    71aa3303a703fe7c3e792194ca9ea9b8

  • SHA1

    55fdfce8d594ad51cc6aba8fda27f86af49d3e98

  • SHA256

    04de0343b5f05b21cf2edfcdce643f4deaedf80813c6459ef0677bed90083028

  • SHA512

    958faa203810b9951526d0283230e0e81e855a36cedebe7877f39c9f1ee62eeeb9c0c3f46573c14d97550fa3922e36ca476609c89937ea7ed1956fe42f964007

  • SSDEEP

    1536:xfLJovHW6V7XXGLUrtsaUbBi2PMKGB7MAdKL:xzStXGLS+HBdMKGdMRL

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      04de0343b5f05b21cf2edfcdce643f4deaedf80813c6459ef0677bed90083028.exe

    • Size

      52KB

    • MD5

      71aa3303a703fe7c3e792194ca9ea9b8

    • SHA1

      55fdfce8d594ad51cc6aba8fda27f86af49d3e98

    • SHA256

      04de0343b5f05b21cf2edfcdce643f4deaedf80813c6459ef0677bed90083028

    • SHA512

      958faa203810b9951526d0283230e0e81e855a36cedebe7877f39c9f1ee62eeeb9c0c3f46573c14d97550fa3922e36ca476609c89937ea7ed1956fe42f964007

    • SSDEEP

      1536:xfLJovHW6V7XXGLUrtsaUbBi2PMKGB7MAdKL:xzStXGLS+HBdMKGdMRL

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks