Overview

overview

10

Static

static

3

5ce36d4710...b2.exe

windows7-x64

10

5ce36d4710...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5ce36d4710f032c34a39a97a0c6fce4f02ab924edc8e5b276dfa296f3492acb2.exe

  • Size

    55KB

  • Sample

    241222-js67eazqdj

  • MD5

    4ed7e5cfdd0a7a7b6d3e291a76c8d037

  • SHA1

    53e3714020336190c91605a3c68ae0956d057bee

  • SHA256

    5ce36d4710f032c34a39a97a0c6fce4f02ab924edc8e5b276dfa296f3492acb2

  • SHA512

    ae82873ca757f4d1fcd857177854239b416d4d9dbb271d881b5a7830d1311248dc5d21d6160780fd7784c7d36dd40beaee04e67e5115cac72626f4fdfe790602

  • SSDEEP

    1536:mgMZPy9y3UDaRPy1JOgWNSoNSd0A3shxD6O:tJOgWNXNW0A8hhJ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      5ce36d4710f032c34a39a97a0c6fce4f02ab924edc8e5b276dfa296f3492acb2.exe

    • Size

      55KB

    • MD5

      4ed7e5cfdd0a7a7b6d3e291a76c8d037

    • SHA1

      53e3714020336190c91605a3c68ae0956d057bee

    • SHA256

      5ce36d4710f032c34a39a97a0c6fce4f02ab924edc8e5b276dfa296f3492acb2

    • SHA512

      ae82873ca757f4d1fcd857177854239b416d4d9dbb271d881b5a7830d1311248dc5d21d6160780fd7784c7d36dd40beaee04e67e5115cac72626f4fdfe790602

    • SSDEEP

      1536:mgMZPy9y3UDaRPy1JOgWNSoNSd0A3shxD6O:tJOgWNXNW0A8hhJ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks