Overview

overview

10

Static

static

3

e43b85e66f...eN.exe

windows7-x64

10

e43b85e66f...eN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e43b85e66f00f56d02e6c02be32dd37f8aa63b8a8f53b7489e88651103d0bffeN.exe

  • Size

    335KB

  • Sample

    241208-ap6a9sskd1

  • MD5

    f9e9ba0bf4eb48662caa44f56590f600

  • SHA1

    81ae1aba9fc798a0c3747e274259c8316e3594b3

  • SHA256

    e43b85e66f00f56d02e6c02be32dd37f8aa63b8a8f53b7489e88651103d0bffe

  • SHA512

    97acd5fabf0474e15a215c6d6b8b42c0e29934030644c4b199805529d65fd72b11ddddd0e1e963024cff35fe3662dd061462461e73219df587eea04873bcaea3

  • SSDEEP

    6144:TjggHE8jvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4qB:TcOn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e43b85e66f00f56d02e6c02be32dd37f8aa63b8a8f53b7489e88651103d0bffeN.exe

    • Size

      335KB

    • MD5

      f9e9ba0bf4eb48662caa44f56590f600

    • SHA1

      81ae1aba9fc798a0c3747e274259c8316e3594b3

    • SHA256

      e43b85e66f00f56d02e6c02be32dd37f8aa63b8a8f53b7489e88651103d0bffe

    • SHA512

      97acd5fabf0474e15a215c6d6b8b42c0e29934030644c4b199805529d65fd72b11ddddd0e1e963024cff35fe3662dd061462461e73219df587eea04873bcaea3

    • SSDEEP

      6144:TjggHE8jvLvwU/4qwvwU/4qvvwevwU/4q+vwk/4qB:TcOn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks