Overview

overview

10

Static

static

3

3f12fb8372...52.exe

windows7-x64

10

3f12fb8372...52.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f12fb837229e72681ee662b073fd8a3b7ae64eca4ff1c9bac810b97c4189952.exe

  • Size

    97KB

  • Sample

    241222-rx5s5s1qcn

  • MD5

    dd2b95f2ef0a071afc0352bffd959125

  • SHA1

    4b2fef0fd69d3c73fc451d4ada473bdbbda7f8b6

  • SHA256

    3f12fb837229e72681ee662b073fd8a3b7ae64eca4ff1c9bac810b97c4189952

  • SHA512

    140603587291816ed9ebc849e1bb7772da5f2bb114de48bdbd228b5566bf12cf47744d86ca30fd92fceda3777941aade2a63ee80e9c1e08894f6bbafb0cb9519

  • SSDEEP

    1536:ea1FhSKpagZK8StOUi41meChpfABZ5Ja9tXUwXfzwE57pvJXeYZc:eAmmUt7ChmZ5095Pzwm7pJXeKc

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      3f12fb837229e72681ee662b073fd8a3b7ae64eca4ff1c9bac810b97c4189952.exe

    • Size

      97KB

    • MD5

      dd2b95f2ef0a071afc0352bffd959125

    • SHA1

      4b2fef0fd69d3c73fc451d4ada473bdbbda7f8b6

    • SHA256

      3f12fb837229e72681ee662b073fd8a3b7ae64eca4ff1c9bac810b97c4189952

    • SHA512

      140603587291816ed9ebc849e1bb7772da5f2bb114de48bdbd228b5566bf12cf47744d86ca30fd92fceda3777941aade2a63ee80e9c1e08894f6bbafb0cb9519

    • SSDEEP

      1536:ea1FhSKpagZK8StOUi41meChpfABZ5Ja9tXUwXfzwE57pvJXeYZc:eAmmUt7ChmZ5095Pzwm7pJXeKc

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks