Overview

overview

10

Static

static

10

90925cd1cc...3e.exe

windows7-x64

10

90925cd1cc...3e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    90925cd1cc476c64b7777c79954750bf3ad799cf9a8084726f50356ef63fb93e

  • Size

    364KB

  • Sample

    241223-a8wk6ssqay

  • MD5

    eae2405ba696d806fc1ba03d9d1d8663

  • SHA1

    cdc3a0fccec61988c19600aeaec5cdf8b68bd5ad

  • SHA256

    90925cd1cc476c64b7777c79954750bf3ad799cf9a8084726f50356ef63fb93e

  • SHA512

    084f06eb7e2dcda98f1259bc63895c5e155eff75ce0a4eac745ffd2818709c0797e58c966a254f446459694195506016d001c09782165582fa5e7a743ccbee1c

  • SSDEEP

    6144:xf5Z7afIdQcDsFj5tT3sFxHnkO/ACmLksFj5tT3sF:fZ7aft8s15tLs/EO/ACmgs15tLs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      90925cd1cc476c64b7777c79954750bf3ad799cf9a8084726f50356ef63fb93e

    • Size

      364KB

    • MD5

      eae2405ba696d806fc1ba03d9d1d8663

    • SHA1

      cdc3a0fccec61988c19600aeaec5cdf8b68bd5ad

    • SHA256

      90925cd1cc476c64b7777c79954750bf3ad799cf9a8084726f50356ef63fb93e

    • SHA512

      084f06eb7e2dcda98f1259bc63895c5e155eff75ce0a4eac745ffd2818709c0797e58c966a254f446459694195506016d001c09782165582fa5e7a743ccbee1c

    • SSDEEP

      6144:xf5Z7afIdQcDsFj5tT3sFxHnkO/ACmLksFj5tT3sF:fZ7aft8s15tLs/EO/ACmgs15tLs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks