Overview

overview

10

Static

static

3

b34411d852...9N.exe

windows7-x64

10

b34411d852...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b34411d852c7198dd69e5d99cc57f969d42e0af5c25f3c1b79932928329745e9N.exe

  • Size

    85KB

  • Sample

    241207-zddvbaxpej

  • MD5

    db515418d3270a4e8186eb38097dcc10

  • SHA1

    e4b4c35e57116bdcfc6752328479d233fd187b37

  • SHA256

    b34411d852c7198dd69e5d99cc57f969d42e0af5c25f3c1b79932928329745e9

  • SHA512

    0eeaa304dae1943fcf2af658caf0e0b7ffb894cdc59c1946c7557c09dab95beb33c3911264a3b2434eaefebbeda2663969ab5881896ba21c3ce8653df8efc249

  • SSDEEP

    1536:t8+Sm20V1m6y/HC6OylO7uXcNvvm5yw/Lb0OUrrQ35wNB5:O+nrV1mBHC6Ol7usluTXp65

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b34411d852c7198dd69e5d99cc57f969d42e0af5c25f3c1b79932928329745e9N.exe

    • Size

      85KB

    • MD5

      db515418d3270a4e8186eb38097dcc10

    • SHA1

      e4b4c35e57116bdcfc6752328479d233fd187b37

    • SHA256

      b34411d852c7198dd69e5d99cc57f969d42e0af5c25f3c1b79932928329745e9

    • SHA512

      0eeaa304dae1943fcf2af658caf0e0b7ffb894cdc59c1946c7557c09dab95beb33c3911264a3b2434eaefebbeda2663969ab5881896ba21c3ce8653df8efc249

    • SSDEEP

      1536:t8+Sm20V1m6y/HC6OylO7uXcNvvm5yw/Lb0OUrrQ35wNB5:O+nrV1mBHC6Ol7usluTXp65

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks