Overview

overview

10

Static

static

10

0ba22fbf3d...3f.exe

windows7-x64

10

0ba22fbf3d...3f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ba22fbf3de38ce3c95b9012b1b0c7ee23d224296f8f0a7d2184c9235f5c273f

  • Size

    128KB

  • Sample

    241209-x5gn6syjcz

  • MD5

    c28b78f30175c20cbbac188d69c25946

  • SHA1

    86bfa82aea7a6c67718381c4b652d6fc5c33bd5f

  • SHA256

    0ba22fbf3de38ce3c95b9012b1b0c7ee23d224296f8f0a7d2184c9235f5c273f

  • SHA512

    81cd6987d701df2534060535c162dbe414ad283cd0d948f6b9a91de67255f733256d6ab02238682924ff8e69a2ffbd79372ed51cf9307bda074cbee12a392ee7

  • SSDEEP

    3072:EJgsYMVls6kym/PwidSX3ReDrFDHZtOgxBOXXH:EJgs3Ps6MP7dSX3RO5tTDUX

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0ba22fbf3de38ce3c95b9012b1b0c7ee23d224296f8f0a7d2184c9235f5c273f

    • Size

      128KB

    • MD5

      c28b78f30175c20cbbac188d69c25946

    • SHA1

      86bfa82aea7a6c67718381c4b652d6fc5c33bd5f

    • SHA256

      0ba22fbf3de38ce3c95b9012b1b0c7ee23d224296f8f0a7d2184c9235f5c273f

    • SHA512

      81cd6987d701df2534060535c162dbe414ad283cd0d948f6b9a91de67255f733256d6ab02238682924ff8e69a2ffbd79372ed51cf9307bda074cbee12a392ee7

    • SSDEEP

      3072:EJgsYMVls6kym/PwidSX3ReDrFDHZtOgxBOXXH:EJgs3Ps6MP7dSX3RO5tTDUX

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks