Overview

overview

10

Static

static

3

ebb9f171fc...d4.exe

windows7-x64

10

ebb9f171fc...d4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ebb9f171fcfd1a03fa4c8b610e2b9a92784588ce8f56cd12f4689ff4f1d727d4

  • Size

    88KB

  • Sample

    241121-m7n6xswlcm

  • MD5

    4333a9693261900d759efc2ae25d6c08

  • SHA1

    1bc05d6bd7cdcd8545cf2ac0ce38f05b95253af5

  • SHA256

    ebb9f171fcfd1a03fa4c8b610e2b9a92784588ce8f56cd12f4689ff4f1d727d4

  • SHA512

    873b469d2a0234ff2a67678fd557ae2e1fc54e2f8ae7b1df3bf4a154c6d84fe09bf75d0e0391a1f0427e1d649185410b5ad6eeb2083efbe3214a848810b4221c

  • SSDEEP

    1536:ONMgRboyEPxV6HYRWrZWwFL8QOVXtE1ukVd71rFZO7+90vT:05hEEYR8Z1Li9EIIJ15ZO7Vr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ebb9f171fcfd1a03fa4c8b610e2b9a92784588ce8f56cd12f4689ff4f1d727d4

    • Size

      88KB

    • MD5

      4333a9693261900d759efc2ae25d6c08

    • SHA1

      1bc05d6bd7cdcd8545cf2ac0ce38f05b95253af5

    • SHA256

      ebb9f171fcfd1a03fa4c8b610e2b9a92784588ce8f56cd12f4689ff4f1d727d4

    • SHA512

      873b469d2a0234ff2a67678fd557ae2e1fc54e2f8ae7b1df3bf4a154c6d84fe09bf75d0e0391a1f0427e1d649185410b5ad6eeb2083efbe3214a848810b4221c

    • SSDEEP

      1536:ONMgRboyEPxV6HYRWrZWwFL8QOVXtE1ukVd71rFZO7+90vT:05hEEYR8Z1Li9EIIJ15ZO7Vr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks