Overview

overview

10

Static

static

3

e981728dc6...28.exe

windows7-x64

10

e981728dc6...28.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e981728dc6faefe3d28f5f69dc8dd94dde6a98a737872e56d67b06a40e9c2d28.exe

  • Size

    85KB

  • Sample

    241123-ztcbessnbl

  • MD5

    b8f26e51ed0865a0f9f6164cbd532039

  • SHA1

    ab321e40fa0c0eded08fab5c2e33c192b244f1a6

  • SHA256

    e981728dc6faefe3d28f5f69dc8dd94dde6a98a737872e56d67b06a40e9c2d28

  • SHA512

    fdded883e4c237e37a5bc0f38ed5fade2a14080b2fb69d3bfce07c7d4d74afabfc323c05d2b18a074af0b0be097c362bc4d0225b99a5741181ce615e51563746

  • SSDEEP

    1536:l1uGePsgGnnl7Yo/RqZSu3ytNJ1GlO7uXcNvvm5yw/Lb0OUrrQ35wNBx:KJPRmn9eSFJ1h7usluTXp6x

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e981728dc6faefe3d28f5f69dc8dd94dde6a98a737872e56d67b06a40e9c2d28.exe

    • Size

      85KB

    • MD5

      b8f26e51ed0865a0f9f6164cbd532039

    • SHA1

      ab321e40fa0c0eded08fab5c2e33c192b244f1a6

    • SHA256

      e981728dc6faefe3d28f5f69dc8dd94dde6a98a737872e56d67b06a40e9c2d28

    • SHA512

      fdded883e4c237e37a5bc0f38ed5fade2a14080b2fb69d3bfce07c7d4d74afabfc323c05d2b18a074af0b0be097c362bc4d0225b99a5741181ce615e51563746

    • SSDEEP

      1536:l1uGePsgGnnl7Yo/RqZSu3ytNJ1GlO7uXcNvvm5yw/Lb0OUrrQ35wNBx:KJPRmn9eSFJ1h7usluTXp6x

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks