Overview

overview

10

Static

static

3

72209bb1d3...db.exe

windows7-x64

10

72209bb1d3...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72209bb1d36a384dc0a3bb91f29ced350233935f56b6c61929a82035b988d8db

  • Size

    67KB

  • Sample

    241207-3tnw1awlcq

  • MD5

    e5633279b9f721db3c70e346dfda2573

  • SHA1

    70ebf249d77ec2a6d6505cd4991ebdac8f21376a

  • SHA256

    72209bb1d36a384dc0a3bb91f29ced350233935f56b6c61929a82035b988d8db

  • SHA512

    7362c48cc5b65bb352c60a60082ad3ccaf40be3be613c8034bada895e1f0f212f49fc733f86a6accde7ca4b689672d2753fc6c86b656704df85c0704f47aec23

  • SSDEEP

    1536:myce/P5/wYDZZcpHbMMoI+kpPsJifTduD4oTxwB:dFw2Z66InPsJibdMTxwB

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      72209bb1d36a384dc0a3bb91f29ced350233935f56b6c61929a82035b988d8db

    • Size

      67KB

    • MD5

      e5633279b9f721db3c70e346dfda2573

    • SHA1

      70ebf249d77ec2a6d6505cd4991ebdac8f21376a

    • SHA256

      72209bb1d36a384dc0a3bb91f29ced350233935f56b6c61929a82035b988d8db

    • SHA512

      7362c48cc5b65bb352c60a60082ad3ccaf40be3be613c8034bada895e1f0f212f49fc733f86a6accde7ca4b689672d2753fc6c86b656704df85c0704f47aec23

    • SSDEEP

      1536:myce/P5/wYDZZcpHbMMoI+kpPsJifTduD4oTxwB:dFw2Z66InPsJibdMTxwB

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks