Overview

overview

10

Static

static

3

bd6e815376...8N.exe

windows7-x64

10

bd6e815376...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd6e815376395a6353abff469a9f0521e3d933441b9550994353ea9249b8fcf8N.exe

  • Size

    101KB

  • Sample

    241207-3xt77awmgr

  • MD5

    fcf1e588755c4ec2a42b33f2f4cc2a90

  • SHA1

    7ffe014ddf841ac4f4d4a19e7794b1df8db53095

  • SHA256

    bd6e815376395a6353abff469a9f0521e3d933441b9550994353ea9249b8fcf8

  • SHA512

    397e4b1827fd0fe595b906b6ac260ad064cc57605cc0402b5dd6a14d6bed6401c5c072731527e4894502ea89dbf66c9582f8e3fa312b64065fc9894560f3139a

  • SSDEEP

    3072:+RqzYTcKCBeS3wtduXqbyu0sY7q5AnrHY4vDX:+RqzYTB43wK853Anr44vDX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      bd6e815376395a6353abff469a9f0521e3d933441b9550994353ea9249b8fcf8N.exe

    • Size

      101KB

    • MD5

      fcf1e588755c4ec2a42b33f2f4cc2a90

    • SHA1

      7ffe014ddf841ac4f4d4a19e7794b1df8db53095

    • SHA256

      bd6e815376395a6353abff469a9f0521e3d933441b9550994353ea9249b8fcf8

    • SHA512

      397e4b1827fd0fe595b906b6ac260ad064cc57605cc0402b5dd6a14d6bed6401c5c072731527e4894502ea89dbf66c9582f8e3fa312b64065fc9894560f3139a

    • SSDEEP

      3072:+RqzYTcKCBeS3wtduXqbyu0sY7q5AnrHY4vDX:+RqzYTB43wK853Anr44vDX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks