Overview

overview

10

Static

static

10

23d18e2e94...de.exe

windows7-x64

10

23d18e2e94...de.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    23d18e2e94bba5f8f293d624b1fbf1c566359c2108385da912df541f571ceade.exe

  • Size

    232KB

  • Sample

    241123-cmpa3s1pbm

  • MD5

    c55e07b8281ce1009cfc9ec2055821f0

  • SHA1

    5d115ecb2c79aba2e656bdefb56b6d9546b1801b

  • SHA256

    23d18e2e94bba5f8f293d624b1fbf1c566359c2108385da912df541f571ceade

  • SHA512

    9fc7b814fc3f5395dea2bca3650d733478e48c5780f0b0149faddf7e40ec33875114552fb1c4aa063e739de67564eac4f4387c2f2a291a315d9598e51fb2e976

  • SSDEEP

    3072:t5NNfTKy7usluTXp6UF5wzec+tZOnU1/s5HH0AU/yRvS3u121TzlbNRfzPadOX:vNNfTKy6s21L7/s50z/Wa3/PNlPd

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      23d18e2e94bba5f8f293d624b1fbf1c566359c2108385da912df541f571ceade.exe

    • Size

      232KB

    • MD5

      c55e07b8281ce1009cfc9ec2055821f0

    • SHA1

      5d115ecb2c79aba2e656bdefb56b6d9546b1801b

    • SHA256

      23d18e2e94bba5f8f293d624b1fbf1c566359c2108385da912df541f571ceade

    • SHA512

      9fc7b814fc3f5395dea2bca3650d733478e48c5780f0b0149faddf7e40ec33875114552fb1c4aa063e739de67564eac4f4387c2f2a291a315d9598e51fb2e976

    • SSDEEP

      3072:t5NNfTKy7usluTXp6UF5wzec+tZOnU1/s5HH0AU/yRvS3u121TzlbNRfzPadOX:vNNfTKy6s21L7/s50z/Wa3/PNlPd

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks