Overview

overview

10

Static

static

3

000d290bc3...69.exe

windows7-x64

10

000d290bc3...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    000d290bc3b71185d283129f10dfd2817b19eff38a746b26fc0113c9391e3969.exe

  • Size

    84KB

  • Sample

    241123-e9kmhsylbw

  • MD5

    6de5529dcd518fa8a44bdec5de1d8f2b

  • SHA1

    a8838d7ce21b6e67664fb1b9722664e243f5f74a

  • SHA256

    000d290bc3b71185d283129f10dfd2817b19eff38a746b26fc0113c9391e3969

  • SHA512

    4d51a1b467427da11c816e09d63b83f3b8c0e4411cc26cf74a67cadd2c4da57f64cac378030879e2bbce9be80afbe189fb6bf9c6f3c0aeae35e65cd3e9d2ad3c

  • SSDEEP

    1536:K/OE4rgYyz/ScPoLp+dGF8ANZLvfPDyH6n8dEelLYR7xeGSmUmmmmmmmmmmmmmmQ:W0rNe3op+IZ3PDyH6n8djlLYR7xr3

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      000d290bc3b71185d283129f10dfd2817b19eff38a746b26fc0113c9391e3969.exe

    • Size

      84KB

    • MD5

      6de5529dcd518fa8a44bdec5de1d8f2b

    • SHA1

      a8838d7ce21b6e67664fb1b9722664e243f5f74a

    • SHA256

      000d290bc3b71185d283129f10dfd2817b19eff38a746b26fc0113c9391e3969

    • SHA512

      4d51a1b467427da11c816e09d63b83f3b8c0e4411cc26cf74a67cadd2c4da57f64cac378030879e2bbce9be80afbe189fb6bf9c6f3c0aeae35e65cd3e9d2ad3c

    • SSDEEP

      1536:K/OE4rgYyz/ScPoLp+dGF8ANZLvfPDyH6n8dEelLYR7xeGSmUmmmmmmmmmmmmmmQ:W0rNe3op+IZ3PDyH6n8djlLYR7xr3

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks