Overview

overview

10

Static

static

3

ec34d2e722...4N.exe

windows7-x64

10

ec34d2e722...4N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ec34d2e72236d60a7fe2d17e2077245fb6995695c7c9d8650183961a0332d464N.exe

  • Size

    85KB

  • Sample

    241123-ptcl3s1mdp

  • MD5

    cf3339f3ef5a24148b780965a9037870

  • SHA1

    66ec24d61573040bc11a8f38afbf691eada78706

  • SHA256

    ec34d2e72236d60a7fe2d17e2077245fb6995695c7c9d8650183961a0332d464

  • SHA512

    762d8a653adb536213deb85586039fed8e5be7a4ded9b947acc52ce26e9baee1db64ed2abdc4ce32adf508385a3be7e65ab3509def04f4283538f5fb5cd70029

  • SSDEEP

    1536:NMcqyNxyiAokISlAClfZYHylO7uXcNvvm5yw/Lb0OUrrQ35wNBB:f3NxuoLSlnYHl7usluTXp6B

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ec34d2e72236d60a7fe2d17e2077245fb6995695c7c9d8650183961a0332d464N.exe

    • Size

      85KB

    • MD5

      cf3339f3ef5a24148b780965a9037870

    • SHA1

      66ec24d61573040bc11a8f38afbf691eada78706

    • SHA256

      ec34d2e72236d60a7fe2d17e2077245fb6995695c7c9d8650183961a0332d464

    • SHA512

      762d8a653adb536213deb85586039fed8e5be7a4ded9b947acc52ce26e9baee1db64ed2abdc4ce32adf508385a3be7e65ab3509def04f4283538f5fb5cd70029

    • SSDEEP

      1536:NMcqyNxyiAokISlAClfZYHylO7uXcNvvm5yw/Lb0OUrrQ35wNBB:f3NxuoLSlnYHl7usluTXp6B

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks