Overview

overview

10

Static

static

3

b21deff6fb...0N.exe

windows7-x64

10

b21deff6fb...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b21deff6fb7ad8e502c4e0f7763dbaeb3673def1706ed1621d773c7e9b7d0fa0N.exe

  • Size

    85KB

  • Sample

    241222-rra2ks1nhr

  • MD5

    e4e265771350587543da5e3d1a4df360

  • SHA1

    c6c100c12896164b8c0df899adf76b26d52db4f3

  • SHA256

    b21deff6fb7ad8e502c4e0f7763dbaeb3673def1706ed1621d773c7e9b7d0fa0

  • SHA512

    1fb9c2f2f6ba49c93fbe5cf79f0a863396d684365ebd3b6b9b0fb6e5fdf174cde905095d8bdff3b7dd13a52668edab2f0ddb336cf136a5788cc91bb818732173

  • SSDEEP

    1536:DI9fAoAXv6TCw+jUkdXnQbDlO7uXcNvvm5yw/Lb0OUrrQ35wNBb:efAoAyTC1TBQbs7usluTXp6b

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      b21deff6fb7ad8e502c4e0f7763dbaeb3673def1706ed1621d773c7e9b7d0fa0N.exe

    • Size

      85KB

    • MD5

      e4e265771350587543da5e3d1a4df360

    • SHA1

      c6c100c12896164b8c0df899adf76b26d52db4f3

    • SHA256

      b21deff6fb7ad8e502c4e0f7763dbaeb3673def1706ed1621d773c7e9b7d0fa0

    • SHA512

      1fb9c2f2f6ba49c93fbe5cf79f0a863396d684365ebd3b6b9b0fb6e5fdf174cde905095d8bdff3b7dd13a52668edab2f0ddb336cf136a5788cc91bb818732173

    • SSDEEP

      1536:DI9fAoAXv6TCw+jUkdXnQbDlO7uXcNvvm5yw/Lb0OUrrQ35wNBb:efAoAyTC1TBQbs7usluTXp6b

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks