Overview

overview

10

Static

static

3

efe7a50753...1N.exe

windows7-x64

10

efe7a50753...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efe7a50753de206f56d0cacf2073e166947be347f48d81985a344c5e84edeb11N.exe

  • Size

    55KB

  • Sample

    241208-e4h7haspez

  • MD5

    5d6a700cd00a083a16a9405425a57a60

  • SHA1

    f4f78101e4f90b9b5b3c781d1db6513e8796a95f

  • SHA256

    efe7a50753de206f56d0cacf2073e166947be347f48d81985a344c5e84edeb11

  • SHA512

    65df7a8b8589a0d36c8e12835d6417bb492efe5cf4e38e6a5e637195803de1ed9d10337d1446f8f5bee649b26a06917755a71153116f8f239137e2c4f4f569ea

  • SSDEEP

    1536:n32Oj+SfsrJS/fveiiEZZZZZZVxv9to8WNSoNSd0A3shxD6+:nj4JSPTiEZZZZZZVxv9t7WNXNW0A8hhR

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      efe7a50753de206f56d0cacf2073e166947be347f48d81985a344c5e84edeb11N.exe

    • Size

      55KB

    • MD5

      5d6a700cd00a083a16a9405425a57a60

    • SHA1

      f4f78101e4f90b9b5b3c781d1db6513e8796a95f

    • SHA256

      efe7a50753de206f56d0cacf2073e166947be347f48d81985a344c5e84edeb11

    • SHA512

      65df7a8b8589a0d36c8e12835d6417bb492efe5cf4e38e6a5e637195803de1ed9d10337d1446f8f5bee649b26a06917755a71153116f8f239137e2c4f4f569ea

    • SSDEEP

      1536:n32Oj+SfsrJS/fveiiEZZZZZZVxv9to8WNSoNSd0A3shxD6+:nj4JSPTiEZZZZZZVxv9t7WNXNW0A8hhR

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks