Overview

overview

10

Static

static

3

d888f2f463...bf.exe

windows7-x64

10

d888f2f463...bf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d888f2f46384e34ba044a30b6f69cbbbf5ffd706db973b20dc4676a77cbb43bf

  • Size

    64KB

  • Sample

    241208-d6b1javrhk

  • MD5

    fe40a0951b59cda28e4d66be5e71308c

  • SHA1

    9f15b8ef774e6103ec84bba8755a9f18b6e3f1fd

  • SHA256

    d888f2f46384e34ba044a30b6f69cbbbf5ffd706db973b20dc4676a77cbb43bf

  • SHA512

    4d5ce74d4091af78d02babc3294bdf7aef85710f7930bf68763a90937cb2a6f2b2d4bde697ce18989d5d3a2af531e5811b46300e6ea2aa20a7c399d8695bca39

  • SSDEEP

    1536:I3IybQOYMQ9+jlwljSsoJZLR/isXUwXfzwP:4lYP+uljSscLR/iYPzwP

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      d888f2f46384e34ba044a30b6f69cbbbf5ffd706db973b20dc4676a77cbb43bf

    • Size

      64KB

    • MD5

      fe40a0951b59cda28e4d66be5e71308c

    • SHA1

      9f15b8ef774e6103ec84bba8755a9f18b6e3f1fd

    • SHA256

      d888f2f46384e34ba044a30b6f69cbbbf5ffd706db973b20dc4676a77cbb43bf

    • SHA512

      4d5ce74d4091af78d02babc3294bdf7aef85710f7930bf68763a90937cb2a6f2b2d4bde697ce18989d5d3a2af531e5811b46300e6ea2aa20a7c399d8695bca39

    • SSDEEP

      1536:I3IybQOYMQ9+jlwljSsoJZLR/isXUwXfzwP:4lYP+uljSscLR/iYPzwP

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks