Overview

overview

10

Static

static

3

0544cee557...10.exe

windows7-x64

10

0544cee557...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0544cee55739ca8575ee4dc69eb399154c527b311c9706fda5cdce37ffd4af10

  • Size

    72KB

  • Sample

    241207-x5d82syre1

  • MD5

    5814523a8add8466729d5b8ba33c639a

  • SHA1

    7af1136fd40adee0d28994a8d15ae30e48d9d0c9

  • SHA256

    0544cee55739ca8575ee4dc69eb399154c527b311c9706fda5cdce37ffd4af10

  • SHA512

    56b3ff35c6861154b0a581c95d9805b76d6e9b51af55d65b2cd646295b3574b928fa781b9c9a27e718d403c07044d14694d44de801e14eaf302f2c2e94fa7c0c

  • SSDEEP

    1536:WtIGmjgJvXFrjIYnIKSLh7bd/FPgUN3QivEtA:AFvLSLh7J/FPgU5QJA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0544cee55739ca8575ee4dc69eb399154c527b311c9706fda5cdce37ffd4af10

    • Size

      72KB

    • MD5

      5814523a8add8466729d5b8ba33c639a

    • SHA1

      7af1136fd40adee0d28994a8d15ae30e48d9d0c9

    • SHA256

      0544cee55739ca8575ee4dc69eb399154c527b311c9706fda5cdce37ffd4af10

    • SHA512

      56b3ff35c6861154b0a581c95d9805b76d6e9b51af55d65b2cd646295b3574b928fa781b9c9a27e718d403c07044d14694d44de801e14eaf302f2c2e94fa7c0c

    • SSDEEP

      1536:WtIGmjgJvXFrjIYnIKSLh7bd/FPgUN3QivEtA:AFvLSLh7J/FPgU5QJA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks