Overview

overview

10

Static

static

10

64254857e1...4f.exe

windows7-x64

10

64254857e1...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64254857e1096e51b4b118b22a07bb64252d36071382c4bec26e6c75a44d3a4f.exe

  • Size

    409KB

  • Sample

    241222-lv8jcstkh1

  • MD5

    cd53c8149a160a5008ec7cf7204c0bbc

  • SHA1

    e036323d52174b5e20fccebde41fae543981e1d7

  • SHA256

    64254857e1096e51b4b118b22a07bb64252d36071382c4bec26e6c75a44d3a4f

  • SHA512

    3168a29cb332907f42fb300fe71e66ebacc98d10b978238033765e9f9853495416e321756d18303064b36607355ed12b4b2e604790496bf56b740e90da310321

  • SSDEEP

    6144:XKa5tfZgZ0Wd/OWdPS2LStOshOWdPS2LN:aEaF5fC5Z

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      64254857e1096e51b4b118b22a07bb64252d36071382c4bec26e6c75a44d3a4f.exe

    • Size

      409KB

    • MD5

      cd53c8149a160a5008ec7cf7204c0bbc

    • SHA1

      e036323d52174b5e20fccebde41fae543981e1d7

    • SHA256

      64254857e1096e51b4b118b22a07bb64252d36071382c4bec26e6c75a44d3a4f

    • SHA512

      3168a29cb332907f42fb300fe71e66ebacc98d10b978238033765e9f9853495416e321756d18303064b36607355ed12b4b2e604790496bf56b740e90da310321

    • SSDEEP

      6144:XKa5tfZgZ0Wd/OWdPS2LStOshOWdPS2LN:aEaF5fC5Z

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks