Overview

overview

10

Static

static

3

8f1a468114...ef.exe

windows7-x64

10

8f1a468114...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f1a4681140bdc1388c6533bc27caf03e8562bfc60644496eb1be9afe58615ef.exe

  • Size

    64KB

  • Sample

    241222-lr2awatkav

  • MD5

    d99f36197bd2b5eb163229d54908aac6

  • SHA1

    3807be843930bee72145078fa3ab523df17c6ceb

  • SHA256

    8f1a4681140bdc1388c6533bc27caf03e8562bfc60644496eb1be9afe58615ef

  • SHA512

    44b0346cbbf98715e718a4c3f0e2a06df483d898792c653568192b731503cd2d7305fbc32342cd0ef74b15c1934c6788250589192e8f5b115c613917999655cf

  • SSDEEP

    1536:oASo3b6WEz6j7WtotDmmy4JVyi8pj3XUwXfzw1:lFbrB2qtpNVyZjDPzw1

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      8f1a4681140bdc1388c6533bc27caf03e8562bfc60644496eb1be9afe58615ef.exe

    • Size

      64KB

    • MD5

      d99f36197bd2b5eb163229d54908aac6

    • SHA1

      3807be843930bee72145078fa3ab523df17c6ceb

    • SHA256

      8f1a4681140bdc1388c6533bc27caf03e8562bfc60644496eb1be9afe58615ef

    • SHA512

      44b0346cbbf98715e718a4c3f0e2a06df483d898792c653568192b731503cd2d7305fbc32342cd0ef74b15c1934c6788250589192e8f5b115c613917999655cf

    • SSDEEP

      1536:oASo3b6WEz6j7WtotDmmy4JVyi8pj3XUwXfzw1:lFbrB2qtpNVyZjDPzw1

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks