Overview

overview

10

Static

static

10

bd377e4f29...c0.exe

windows7-x64

10

bd377e4f29...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd377e4f294f32900ecfbdf0af37b5d41ad40727cb3327d6afad8508813902c0.exe

  • Size

    318KB

  • Sample

    241222-pdbd3sxnbz

  • MD5

    4bc4ae0e5bae927fb60625e5165ec0b1

  • SHA1

    bddbe8cca5f388a6df44b05e01526f709293945b

  • SHA256

    bd377e4f294f32900ecfbdf0af37b5d41ad40727cb3327d6afad8508813902c0

  • SHA512

    8f342ea0755d6ceda5049b5f63acff98f021cac9d40cc3582b773f3e1c3e393ed1320cac8d7b5a13c11c4ea66fc02d1011309c89274d07388be9587cbf9ea1ef

  • SSDEEP

    6144:+86XRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:+pO4wFHoS04wFHoSrZxk

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      bd377e4f294f32900ecfbdf0af37b5d41ad40727cb3327d6afad8508813902c0.exe

    • Size

      318KB

    • MD5

      4bc4ae0e5bae927fb60625e5165ec0b1

    • SHA1

      bddbe8cca5f388a6df44b05e01526f709293945b

    • SHA256

      bd377e4f294f32900ecfbdf0af37b5d41ad40727cb3327d6afad8508813902c0

    • SHA512

      8f342ea0755d6ceda5049b5f63acff98f021cac9d40cc3582b773f3e1c3e393ed1320cac8d7b5a13c11c4ea66fc02d1011309c89274d07388be9587cbf9ea1ef

    • SSDEEP

      6144:+86XRVEQHdMcm4FmowdHoS7c5cm4FmowdHoSrNF9xRVEQHd4:+pO4wFHoS04wFHoSrZxk

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks