Overview

overview

10

Static

static

3

51bcddbb83...b4.exe

windows7-x64

10

51bcddbb83...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51bcddbb83eac089b21e9696116c34e2d0b0a020d87eafadf16b31b95c0e45b4.exe

  • Size

    250KB

  • Sample

    241123-n7288a1jfr

  • MD5

    ee75bb92f5f781f165f8db400c31cc72

  • SHA1

    ab3a1b8a56df097529339554a5e019b074fdcb02

  • SHA256

    51bcddbb83eac089b21e9696116c34e2d0b0a020d87eafadf16b31b95c0e45b4

  • SHA512

    139f7eaa4e5b935c3d28b807f64a205276a8bd9bf2626a3b3d286a1a32675db4f8a290aabbd6588e620c7e6e7be3d030e460305dac0dbeca650616b01805b52e

  • SSDEEP

    6144:G6iAb2ydPvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ79:G6j2yQ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      51bcddbb83eac089b21e9696116c34e2d0b0a020d87eafadf16b31b95c0e45b4.exe

    • Size

      250KB

    • MD5

      ee75bb92f5f781f165f8db400c31cc72

    • SHA1

      ab3a1b8a56df097529339554a5e019b074fdcb02

    • SHA256

      51bcddbb83eac089b21e9696116c34e2d0b0a020d87eafadf16b31b95c0e45b4

    • SHA512

      139f7eaa4e5b935c3d28b807f64a205276a8bd9bf2626a3b3d286a1a32675db4f8a290aabbd6588e620c7e6e7be3d030e460305dac0dbeca650616b01805b52e

    • SSDEEP

      6144:G6iAb2ydPvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ79:G6j2yQ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks