Overview

overview

10

Static

static

10

6e61b8f66b...fe.exe

windows7-x64

10

6e61b8f66b...fe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e61b8f66b3bfdb6cf237b1e449c28ec5ae49f7e0f9a553a0fe4d1e3acf6a2fe.exe

  • Size

    428KB

  • Sample

    241222-r5z8masjbn

  • MD5

    e71262c450fbc44059e7d49790c03a88

  • SHA1

    a962416e6ee96f8ba7eaf1959a783e3cd1f3d3bf

  • SHA256

    6e61b8f66b3bfdb6cf237b1e449c28ec5ae49f7e0f9a553a0fe4d1e3acf6a2fe

  • SHA512

    55efd36a87d855dca85f9c8cca2bc9a193b564db628315dd6e74c86b70611074ae8605b3129a85fb3ab8fd87377dd049ff87db216aa3dffa645f4e982a789903

  • SSDEEP

    3072:YYS9PbapZ8mnaoPav8Wz24ho1mtye3lFDrFDHZtO8jJkiUi8ChpBhx5Zd424ho19:WPmp5ba4sFj5tPNki9HZd1sFj5tw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6e61b8f66b3bfdb6cf237b1e449c28ec5ae49f7e0f9a553a0fe4d1e3acf6a2fe.exe

    • Size

      428KB

    • MD5

      e71262c450fbc44059e7d49790c03a88

    • SHA1

      a962416e6ee96f8ba7eaf1959a783e3cd1f3d3bf

    • SHA256

      6e61b8f66b3bfdb6cf237b1e449c28ec5ae49f7e0f9a553a0fe4d1e3acf6a2fe

    • SHA512

      55efd36a87d855dca85f9c8cca2bc9a193b564db628315dd6e74c86b70611074ae8605b3129a85fb3ab8fd87377dd049ff87db216aa3dffa645f4e982a789903

    • SSDEEP

      3072:YYS9PbapZ8mnaoPav8Wz24ho1mtye3lFDrFDHZtO8jJkiUi8ChpBhx5Zd424ho19:WPmp5ba4sFj5tPNki9HZd1sFj5tw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks