Overview

overview

10

Static

static

10

8036938434...74.exe

windows7-x64

10

8036938434...74.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    803693843445a663a0599bdf3db8240030bd6e5ef24cea437cf1103a67408474

  • Size

    226KB

  • Sample

    241224-3z6zrs1pcm

  • MD5

    ef3072d367761979b8c4299daefa2204

  • SHA1

    9cd83a016ae08d3effca3c8a508ecbc49767fdee

  • SHA256

    803693843445a663a0599bdf3db8240030bd6e5ef24cea437cf1103a67408474

  • SHA512

    4ea9039b4f5601f0b762800ad6df35fd081a0791dfb97f54cfb80cdd1c417eb7ece79b3ffe6006b6c940d977df087c6f9a1462c302f26542ab7323a157063529

  • SSDEEP

    3072:AVaQTkjKdq6DKcWmjRvDKcpDKcWmjRrzNtQtjDKcWmjRrzNtb:A2jKdqTxEtQtsEtb

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      803693843445a663a0599bdf3db8240030bd6e5ef24cea437cf1103a67408474

    • Size

      226KB

    • MD5

      ef3072d367761979b8c4299daefa2204

    • SHA1

      9cd83a016ae08d3effca3c8a508ecbc49767fdee

    • SHA256

      803693843445a663a0599bdf3db8240030bd6e5ef24cea437cf1103a67408474

    • SHA512

      4ea9039b4f5601f0b762800ad6df35fd081a0791dfb97f54cfb80cdd1c417eb7ece79b3ffe6006b6c940d977df087c6f9a1462c302f26542ab7323a157063529

    • SSDEEP

      3072:AVaQTkjKdq6DKcWmjRvDKcpDKcWmjRrzNtQtjDKcWmjRrzNtb:A2jKdqTxEtQtsEtb

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks