Overview

overview

10

Static

static

3

f5d213269f...44.exe

windows7-x64

10

f5d213269f...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5d213269f3d8818c8c370c5c3047be1f78bd572801aad7face463787b7ac844

  • Size

    45KB

  • Sample

    241121-pxln6aslcz

  • MD5

    606c131866408f44c97f29ff75ea6486

  • SHA1

    ee38ae0245f5f71d347a3be804e5b68f185e0909

  • SHA256

    f5d213269f3d8818c8c370c5c3047be1f78bd572801aad7face463787b7ac844

  • SHA512

    e3894faa9685e9a89a963167cf12473c7767408c09e920730a72c9872c8399f4962091e097dd5705abce9008451f9549854d7fbbc00d545637b3b4515e55b949

  • SSDEEP

    768:OXxYDcL58DZyM4KlVBVyE9USRTYKNeQ926jfRUFDz5ubv7A217ta/1H5:OXWcWVyM4Uf7cx6lCuL7b17tg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f5d213269f3d8818c8c370c5c3047be1f78bd572801aad7face463787b7ac844

    • Size

      45KB

    • MD5

      606c131866408f44c97f29ff75ea6486

    • SHA1

      ee38ae0245f5f71d347a3be804e5b68f185e0909

    • SHA256

      f5d213269f3d8818c8c370c5c3047be1f78bd572801aad7face463787b7ac844

    • SHA512

      e3894faa9685e9a89a963167cf12473c7767408c09e920730a72c9872c8399f4962091e097dd5705abce9008451f9549854d7fbbc00d545637b3b4515e55b949

    • SSDEEP

      768:OXxYDcL58DZyM4KlVBVyE9USRTYKNeQ926jfRUFDz5ubv7A217ta/1H5:OXWcWVyM4Uf7cx6lCuL7b17tg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks