Overview

overview

10

Static

static

3

c5a580700a...e4.exe

windows7-x64

10

c5a580700a...e4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5a580700ac9635c825c096373c4626bde39b14081aebeda87cd6ee181c742e4.exe

  • Size

    379KB

  • Sample

    241123-kptbtaykel

  • MD5

    6032d7fde78a7d9265dcd03a62e5959c

  • SHA1

    426dc404f65739e6521cbde8dac6b28ca62ec134

  • SHA256

    c5a580700ac9635c825c096373c4626bde39b14081aebeda87cd6ee181c742e4

  • SHA512

    2e142d9eda4882ff78363cb294f2fa0cc7dabfbcc537c58bf8a90e8d0cd48c2982645f12353900bae47a357f1c9bde4658356e25af2c98e59fe23088f413465e

  • SSDEEP

    6144:ReJOaTli7O/0xLxli7O//yb1c3ccU0S6GyTgfiEkrE:ReJT6vxr6lGHaXyTg6EkrE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c5a580700ac9635c825c096373c4626bde39b14081aebeda87cd6ee181c742e4.exe

    • Size

      379KB

    • MD5

      6032d7fde78a7d9265dcd03a62e5959c

    • SHA1

      426dc404f65739e6521cbde8dac6b28ca62ec134

    • SHA256

      c5a580700ac9635c825c096373c4626bde39b14081aebeda87cd6ee181c742e4

    • SHA512

      2e142d9eda4882ff78363cb294f2fa0cc7dabfbcc537c58bf8a90e8d0cd48c2982645f12353900bae47a357f1c9bde4658356e25af2c98e59fe23088f413465e

    • SSDEEP

      6144:ReJOaTli7O/0xLxli7O//yb1c3ccU0S6GyTgfiEkrE:ReJT6vxr6lGHaXyTg6EkrE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks