Overview

overview

10

Static

static

3

db894c6f42...38.exe

windows7-x64

10

db894c6f42...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db894c6f42707e69ed4b3818a4005f55f5abdd84f652a7f4cd0da5ad6f0b4e38

  • Size

    320KB

  • Sample

    241121-ldxers1kas

  • MD5

    c84f34067a260c370ef3108258d68dd5

  • SHA1

    622e57f190a3e97c68400806b7bbe30cb210695f

  • SHA256

    db894c6f42707e69ed4b3818a4005f55f5abdd84f652a7f4cd0da5ad6f0b4e38

  • SHA512

    0046907d8216e49e9b25cd1c6c90994a66c2a43f4b66ed8b955e7a5ddccb1877fd08c69457c1ada975ec898b601a1a7bb630bbb2b490b438a1c11510996a096d

  • SSDEEP

    6144:5Mo236s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:So3705kWM/9J6gqGBf/h

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      db894c6f42707e69ed4b3818a4005f55f5abdd84f652a7f4cd0da5ad6f0b4e38

    • Size

      320KB

    • MD5

      c84f34067a260c370ef3108258d68dd5

    • SHA1

      622e57f190a3e97c68400806b7bbe30cb210695f

    • SHA256

      db894c6f42707e69ed4b3818a4005f55f5abdd84f652a7f4cd0da5ad6f0b4e38

    • SHA512

      0046907d8216e49e9b25cd1c6c90994a66c2a43f4b66ed8b955e7a5ddccb1877fd08c69457c1ada975ec898b601a1a7bb630bbb2b490b438a1c11510996a096d

    • SSDEEP

      6144:5Mo236s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nh:So3705kWM/9J6gqGBf/h

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks