Overview

overview

10

Static

static

3

33652a5153...f9.exe

windows7-x64

10

33652a5153...f9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33652a5153f99c2eaf4add0b0302736b393f7db8a121b6e98e1b57024aa605f9

  • Size

    64KB

  • Sample

    241224-zvcnksxlbw

  • MD5

    4e0fbc0fcb20bf814682a250ef1bc7e5

  • SHA1

    d6aefaaf25f2677246e2d6ef1ff50aea7c326c10

  • SHA256

    33652a5153f99c2eaf4add0b0302736b393f7db8a121b6e98e1b57024aa605f9

  • SHA512

    465a1b00531102630bee0d00d94daa46a95b0b09e759c9d4626c459e615a6c512c98af07717da1926f9351bc6e0d4ab2df0eeef8d5a76ba9ba76a84326a2002d

  • SSDEEP

    1536:R3wqsPXQOXYH0qzYl9Yjp72Fo3pEslLBsLnVLdGUHyNwy:R3wq4XYH0q69YjJT3pllLBsLnVUUHyNN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      33652a5153f99c2eaf4add0b0302736b393f7db8a121b6e98e1b57024aa605f9

    • Size

      64KB

    • MD5

      4e0fbc0fcb20bf814682a250ef1bc7e5

    • SHA1

      d6aefaaf25f2677246e2d6ef1ff50aea7c326c10

    • SHA256

      33652a5153f99c2eaf4add0b0302736b393f7db8a121b6e98e1b57024aa605f9

    • SHA512

      465a1b00531102630bee0d00d94daa46a95b0b09e759c9d4626c459e615a6c512c98af07717da1926f9351bc6e0d4ab2df0eeef8d5a76ba9ba76a84326a2002d

    • SSDEEP

      1536:R3wqsPXQOXYH0qzYl9Yjp72Fo3pEslLBsLnVLdGUHyNwy:R3wq4XYH0q69YjJT3pllLBsLnVUUHyNN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks