Overview

overview

10

Static

static

10

7341bc545d...e1.exe

windows7-x64

10

7341bc545d...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7341bc545db288aecc6c94511f4e8382e6f011def369debf91570de688e736e1

  • Size

    224KB

  • Sample

    241222-3p3vcs1rht

  • MD5

    a7f97b5f150974f7e0864ee301620417

  • SHA1

    4209afcd675b8e62135114ff555cfa78633ce2f0

  • SHA256

    7341bc545db288aecc6c94511f4e8382e6f011def369debf91570de688e736e1

  • SHA512

    e87c1c3833083b5ec659995e4c5b8cc58093a8ffb3155582ad90887c6f8a185119bb958c6fa75f2ddae02298a661944847e2599623af4a3f71b64bbeb1f09907

  • SSDEEP

    3072:m9Sj5DgZ/4tQCdzNIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOa:mwgZ/4GCdzL4s5tTDUZNSN58VU5tTtf

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      7341bc545db288aecc6c94511f4e8382e6f011def369debf91570de688e736e1

    • Size

      224KB

    • MD5

      a7f97b5f150974f7e0864ee301620417

    • SHA1

      4209afcd675b8e62135114ff555cfa78633ce2f0

    • SHA256

      7341bc545db288aecc6c94511f4e8382e6f011def369debf91570de688e736e1

    • SHA512

      e87c1c3833083b5ec659995e4c5b8cc58093a8ffb3155582ad90887c6f8a185119bb958c6fa75f2ddae02298a661944847e2599623af4a3f71b64bbeb1f09907

    • SSDEEP

      3072:m9Sj5DgZ/4tQCdzNIuYUvIMDrFDHZtOgxBOXXwwfBoD6N3h8N5G2qVUDrFDHZtOa:mwgZ/4GCdzL4s5tTDUZNSN58VU5tTtf

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks