Overview

overview

10

Static

static

3

99ed6db29a...9N.exe

windows7-x64

10

99ed6db29a...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99ed6db29a007e409a72f77332c2dea12391d491eca7346f6f1f928c3fe40a49N.exe

  • Size

    97KB

  • Sample

    241208-ds2c9svmbr

  • MD5

    729f87a054b49d5f6dfdddad02ac1c20

  • SHA1

    79d5e246ab9ae6c6d99fbb30bd358e3cd0f506d3

  • SHA256

    99ed6db29a007e409a72f77332c2dea12391d491eca7346f6f1f928c3fe40a49

  • SHA512

    33663402d5d610ec3ecff7fbfe6fc27d610fd7603811692a5d4b97b3e49724e683a1200bec93ce8976d63ea9ab483debfc21b354716ad9ad3107a37e50b6c2b2

  • SSDEEP

    3072:kyifMoFMT49QinEgcuAr53TPzwm7pJXeKg:kyC9xminVtAr53zz/7ze5

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      99ed6db29a007e409a72f77332c2dea12391d491eca7346f6f1f928c3fe40a49N.exe

    • Size

      97KB

    • MD5

      729f87a054b49d5f6dfdddad02ac1c20

    • SHA1

      79d5e246ab9ae6c6d99fbb30bd358e3cd0f506d3

    • SHA256

      99ed6db29a007e409a72f77332c2dea12391d491eca7346f6f1f928c3fe40a49

    • SHA512

      33663402d5d610ec3ecff7fbfe6fc27d610fd7603811692a5d4b97b3e49724e683a1200bec93ce8976d63ea9ab483debfc21b354716ad9ad3107a37e50b6c2b2

    • SSDEEP

      3072:kyifMoFMT49QinEgcuAr53TPzwm7pJXeKg:kyC9xminVtAr53zz/7ze5

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks