Overview

overview

10

Static

static

3

38248cd966...0f.exe

windows7-x64

10

38248cd966...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38248cd966eb285aed450c382808e8ed8cd66590a1d95003075b5c480745370f.exe

  • Size

    363KB

  • Sample

    241123-mczn6ssqgy

  • MD5

    5ef1e4091dc6c7425bb99330f5ab15b1

  • SHA1

    432863e76f8d5b7c713a8d03688cdcb9f7324aa9

  • SHA256

    38248cd966eb285aed450c382808e8ed8cd66590a1d95003075b5c480745370f

  • SHA512

    8e20919a060eb8fee42477f43d67f0c3c3728055fcf883603dce9590ef35739232aeddc4d214c4659f8cf6d873ac70142407a4af73983908cda31cbaeab340aa

  • SSDEEP

    6144:Ox2bEmkVU5tTbVXksax8n5tTDUZNSN58VU5tTV:PMG5tP6sus5t6NSN6G5tB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      38248cd966eb285aed450c382808e8ed8cd66590a1d95003075b5c480745370f.exe

    • Size

      363KB

    • MD5

      5ef1e4091dc6c7425bb99330f5ab15b1

    • SHA1

      432863e76f8d5b7c713a8d03688cdcb9f7324aa9

    • SHA256

      38248cd966eb285aed450c382808e8ed8cd66590a1d95003075b5c480745370f

    • SHA512

      8e20919a060eb8fee42477f43d67f0c3c3728055fcf883603dce9590ef35739232aeddc4d214c4659f8cf6d873ac70142407a4af73983908cda31cbaeab340aa

    • SSDEEP

      6144:Ox2bEmkVU5tTbVXksax8n5tTDUZNSN58VU5tTV:PMG5tP6sus5t6NSN6G5tB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks