Overview

overview

10

Static

static

3

ec92aedbb9...5N.exe

windows7-x64

10

ec92aedbb9...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec92aedbb90139081d9b373c099ded9bb9a4eee6188eb50cc635964a33b05885N.exe

  • Size

    335KB

  • Sample

    241208-abyn9s1nb1

  • MD5

    a53e8c28f3daf250242dbb759171ed20

  • SHA1

    4a5b432e36851ff063f2807b9a8b2f15f498058e

  • SHA256

    ec92aedbb90139081d9b373c099ded9bb9a4eee6188eb50cc635964a33b05885

  • SHA512

    26c01e8c4d4d2eeb3febf4da070730fbe7838a9af8c9fc2b70b01a716b3f3c76d8823a249b6d95c1aad31daec9758928c7b02082c1f421cd0edeb57f43abd189

  • SSDEEP

    6144:rGUQvCqLzvVtjvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4q7:rGUaLR9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ec92aedbb90139081d9b373c099ded9bb9a4eee6188eb50cc635964a33b05885N.exe

    • Size

      335KB

    • MD5

      a53e8c28f3daf250242dbb759171ed20

    • SHA1

      4a5b432e36851ff063f2807b9a8b2f15f498058e

    • SHA256

      ec92aedbb90139081d9b373c099ded9bb9a4eee6188eb50cc635964a33b05885

    • SHA512

      26c01e8c4d4d2eeb3febf4da070730fbe7838a9af8c9fc2b70b01a716b3f3c76d8823a249b6d95c1aad31daec9758928c7b02082c1f421cd0edeb57f43abd189

    • SSDEEP

      6144:rGUQvCqLzvVtjvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4q7:rGUaLR9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks