Overview

overview

10

Static

static

10

e76f4535eb...9b.exe

windows7-x64

10

e76f4535eb...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e76f4535ebd825558f10b00f67bd46d4db16b9a019ad7a7a9b1c5bb69b8a089b

  • Size

    364KB

  • Sample

    241223-erenjswjdz

  • MD5

    d739fdcb9a7cda150d1ff16cbe678dd3

  • SHA1

    d88718ec27f4a4b6792a849be7ac44621dde9217

  • SHA256

    e76f4535ebd825558f10b00f67bd46d4db16b9a019ad7a7a9b1c5bb69b8a089b

  • SHA512

    ef75780bdd6439cc293f5b8244feb542f32fc0a8ca466f8c1a9007d9c99e3ec5946f53e0a5086970adb611dcabfe3a860bc6ce6ffab44f13de7b5f014e1c4274

  • SSDEEP

    6144:A7aLvM5QysFj5tT3sFxHnkO/ACmLksFj5tT3sF:pas15tLs/EO/ACmgs15tLs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e76f4535ebd825558f10b00f67bd46d4db16b9a019ad7a7a9b1c5bb69b8a089b

    • Size

      364KB

    • MD5

      d739fdcb9a7cda150d1ff16cbe678dd3

    • SHA1

      d88718ec27f4a4b6792a849be7ac44621dde9217

    • SHA256

      e76f4535ebd825558f10b00f67bd46d4db16b9a019ad7a7a9b1c5bb69b8a089b

    • SHA512

      ef75780bdd6439cc293f5b8244feb542f32fc0a8ca466f8c1a9007d9c99e3ec5946f53e0a5086970adb611dcabfe3a860bc6ce6ffab44f13de7b5f014e1c4274

    • SSDEEP

      6144:A7aLvM5QysFj5tT3sFxHnkO/ACmLksFj5tT3sF:pas15tLs/EO/ACmgs15tLs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks