Overview

overview

10

Static

static

3

7c0dba92ee...61.exe

windows7-x64

10

7c0dba92ee...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c0dba92ee17fc677b9ddbc970133109dcb16deb75a1caca21c4c1b0c33dd361.exe

  • Size

    512KB

  • Sample

    241222-hj5fsaxraw

  • MD5

    c6b7066545894828effd308d17bfbe67

  • SHA1

    3f04f2e3a29b33690f0530c54ecf81592b129bd4

  • SHA256

    7c0dba92ee17fc677b9ddbc970133109dcb16deb75a1caca21c4c1b0c33dd361

  • SHA512

    78542ff713a91ee8f6aeb9c706d9d116f2992e537b7198783dcc3038e358b86dded560d92fbb5fad475a2a4f8e485ee6992cfbf78a353dd8c3f25fca1574077b

  • SSDEEP

    6144:8cjAG853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZr:FQBpnchWcZr

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      7c0dba92ee17fc677b9ddbc970133109dcb16deb75a1caca21c4c1b0c33dd361.exe

    • Size

      512KB

    • MD5

      c6b7066545894828effd308d17bfbe67

    • SHA1

      3f04f2e3a29b33690f0530c54ecf81592b129bd4

    • SHA256

      7c0dba92ee17fc677b9ddbc970133109dcb16deb75a1caca21c4c1b0c33dd361

    • SHA512

      78542ff713a91ee8f6aeb9c706d9d116f2992e537b7198783dcc3038e358b86dded560d92fbb5fad475a2a4f8e485ee6992cfbf78a353dd8c3f25fca1574077b

    • SSDEEP

      6144:8cjAG853XBpnTfwNPbAvjDAcXxxXfY09cnEWPDZr:FQBpnchWcZr

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks