Overview

overview

10

Static

static

10

85e5dacce5...73.exe

windows7-x64

10

85e5dacce5...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85e5dacce50194474e578f28bf6ae2e8d8ea850d79ad8486871c1dbe0d100373

  • Size

    224KB

  • Sample

    241208-awnpssxqgq

  • MD5

    bb5a99ee82787e220415fd4c61b2afba

  • SHA1

    62e43150fe2ffa0757ad99c526071f932dac9ea3

  • SHA256

    85e5dacce50194474e578f28bf6ae2e8d8ea850d79ad8486871c1dbe0d100373

  • SHA512

    f5599eaccc12394e11dfa53af620b94041ee5bc0de7eb4d284d96b5c69158dfd960c831e74130801885d49356b4c89ae9c5d2b219477d12dc287951cabf453a8

  • SSDEEP

    3072:pwghiA+2pIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOgtSU:PP4s5tTDUZNSN58VU5tTtf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      85e5dacce50194474e578f28bf6ae2e8d8ea850d79ad8486871c1dbe0d100373

    • Size

      224KB

    • MD5

      bb5a99ee82787e220415fd4c61b2afba

    • SHA1

      62e43150fe2ffa0757ad99c526071f932dac9ea3

    • SHA256

      85e5dacce50194474e578f28bf6ae2e8d8ea850d79ad8486871c1dbe0d100373

    • SHA512

      f5599eaccc12394e11dfa53af620b94041ee5bc0de7eb4d284d96b5c69158dfd960c831e74130801885d49356b4c89ae9c5d2b219477d12dc287951cabf453a8

    • SSDEEP

      3072:pwghiA+2pIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOgtSU:PP4s5tTDUZNSN58VU5tTtf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks