Overview

overview

10

Static

static

3

e9dbb875af...22.exe

windows7-x64

10

e9dbb875af...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e9dbb875af1643d7c880202cb3569092a41fed2cf5f456d753442220fc64b822

  • Size

    67KB

  • Sample

    241123-fgkbqavndj

  • MD5

    2cbdc69fbbe852f9089d260099970d6e

  • SHA1

    e2d22a3f5060483874f5fc6f8ad53004edfee944

  • SHA256

    e9dbb875af1643d7c880202cb3569092a41fed2cf5f456d753442220fc64b822

  • SHA512

    f492eac298e9e2351cbc70c83cfad873c58b6dccd67330eb54cd529f0cf9c448a93102a7def7d29dd12866cab28de3f9c64be6a1cdd19b1af6d5bff7b5025394

  • SSDEEP

    1536:GdGg8dDBapOAOd9yMXf4DFVsJifTduD4oTxw:G4g8TapOpdb4DFVsJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e9dbb875af1643d7c880202cb3569092a41fed2cf5f456d753442220fc64b822

    • Size

      67KB

    • MD5

      2cbdc69fbbe852f9089d260099970d6e

    • SHA1

      e2d22a3f5060483874f5fc6f8ad53004edfee944

    • SHA256

      e9dbb875af1643d7c880202cb3569092a41fed2cf5f456d753442220fc64b822

    • SHA512

      f492eac298e9e2351cbc70c83cfad873c58b6dccd67330eb54cd529f0cf9c448a93102a7def7d29dd12866cab28de3f9c64be6a1cdd19b1af6d5bff7b5025394

    • SSDEEP

      1536:GdGg8dDBapOAOd9yMXf4DFVsJifTduD4oTxw:G4g8TapOpdb4DFVsJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks