Overview

overview

10

Static

static

3

5f6c4ffa3f...6N.exe

windows7-x64

10

5f6c4ffa3f...6N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f6c4ffa3f74c611c0454cdef99aeac6fae412e347e1ab1bc3d9c11ee3feb5c6N.exe

  • Size

    55KB

  • Sample

    241208-dm4w7svkan

  • MD5

    5bfb7e3f1b163f07d1f6224c81dbce50

  • SHA1

    386ac605f8d55dcd9024d62dfa1aace414e6b920

  • SHA256

    5f6c4ffa3f74c611c0454cdef99aeac6fae412e347e1ab1bc3d9c11ee3feb5c6

  • SHA512

    90bc5621da545da6449aefd05f237d36156c5bf1ff52048190602dc3b15f47ae15013a3642645fe25540df701144965f4f5f5390a548d605c9c07d946b574a15

  • SSDEEP

    1536:HdQWiZN+2VIE+ktUs8NSoNSd0A3shxD6q:HdVyNHVBJCs8NXNW0A8hht

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      5f6c4ffa3f74c611c0454cdef99aeac6fae412e347e1ab1bc3d9c11ee3feb5c6N.exe

    • Size

      55KB

    • MD5

      5bfb7e3f1b163f07d1f6224c81dbce50

    • SHA1

      386ac605f8d55dcd9024d62dfa1aace414e6b920

    • SHA256

      5f6c4ffa3f74c611c0454cdef99aeac6fae412e347e1ab1bc3d9c11ee3feb5c6

    • SHA512

      90bc5621da545da6449aefd05f237d36156c5bf1ff52048190602dc3b15f47ae15013a3642645fe25540df701144965f4f5f5390a548d605c9c07d946b574a15

    • SSDEEP

      1536:HdQWiZN+2VIE+ktUs8NSoNSd0A3shxD6q:HdVyNHVBJCs8NXNW0A8hht

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks