Overview

overview

10

Static

static

3

3556b6fe9b...bN.exe

windows7-x64

10

3556b6fe9b...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3556b6fe9b68b32bfb4fd075be993b7d4fb66cf0df0209152a2c7d11ff5285ebN.exe

  • Size

    93KB

  • Sample

    241207-1zvkmawnbw

  • MD5

    cdc7168a2201327424f804a47d992090

  • SHA1

    af02239c3ff35e7a0de074331af9c86522d3ae76

  • SHA256

    3556b6fe9b68b32bfb4fd075be993b7d4fb66cf0df0209152a2c7d11ff5285eb

  • SHA512

    3219b32be37d632abfc555d277b8bf62ac215065b96e5075e8274a41bf3f24292435728d13bf139dc5114474555fd87151d4d6501e62083b767874d0f70d694e

  • SSDEEP

    1536:jbbrB1juQtPD0ZI4CDXf8qVlO7uXcNvvm5yw/Lb0OUrrQ35wNBUyVVM:jbf7FtQZWDX9O7usluTXp6Uv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      3556b6fe9b68b32bfb4fd075be993b7d4fb66cf0df0209152a2c7d11ff5285ebN.exe

    • Size

      93KB

    • MD5

      cdc7168a2201327424f804a47d992090

    • SHA1

      af02239c3ff35e7a0de074331af9c86522d3ae76

    • SHA256

      3556b6fe9b68b32bfb4fd075be993b7d4fb66cf0df0209152a2c7d11ff5285eb

    • SHA512

      3219b32be37d632abfc555d277b8bf62ac215065b96e5075e8274a41bf3f24292435728d13bf139dc5114474555fd87151d4d6501e62083b767874d0f70d694e

    • SSDEEP

      1536:jbbrB1juQtPD0ZI4CDXf8qVlO7uXcNvvm5yw/Lb0OUrrQ35wNBUyVVM:jbf7FtQZWDX9O7usluTXp6Uv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks