Overview

overview

10

Static

static

3

473c89b3cb...de.exe

windows7-x64

10

473c89b3cb...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    473c89b3cb127fa127062ab1cdb1ff19912045d4e5f7ce506e5fecca615e17de

  • Size

    76KB

  • Sample

    241207-11pe1a1raq

  • MD5

    7b33dd6131bdfa9f3b359ab1e310ad62

  • SHA1

    1ed09726ee3e6cb4b52c7fcf29591a3b5dc55a2a

  • SHA256

    473c89b3cb127fa127062ab1cdb1ff19912045d4e5f7ce506e5fecca615e17de

  • SHA512

    ada6c5ffe7218e0dc7f8fbd75c2114a6fc8e6f871e0f940f97d0121007b5ed0139e5cb10f52a4c87cdf9a8c79b2645ae95f4dee95f55f47e9ef4edb81912e2cb

  • SSDEEP

    1536:LPe+ZLy67uGIxjy9MmHnvb0tHioQV+/eCeyvCQ:DqG9MmHnT0tHrk+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Targets

    • Target

      473c89b3cb127fa127062ab1cdb1ff19912045d4e5f7ce506e5fecca615e17de

    • Size

      76KB

    • MD5

      7b33dd6131bdfa9f3b359ab1e310ad62

    • SHA1

      1ed09726ee3e6cb4b52c7fcf29591a3b5dc55a2a

    • SHA256

      473c89b3cb127fa127062ab1cdb1ff19912045d4e5f7ce506e5fecca615e17de

    • SHA512

      ada6c5ffe7218e0dc7f8fbd75c2114a6fc8e6f871e0f940f97d0121007b5ed0139e5cb10f52a4c87cdf9a8c79b2645ae95f4dee95f55f47e9ef4edb81912e2cb

    • SSDEEP

      1536:LPe+ZLy67uGIxjy9MmHnvb0tHioQV+/eCeyvCQ:DqG9MmHnT0tHrk+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks